Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

CVE-2018-18980

An XML External Entity injection XXE vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a /devices/ProcessRequest.do GET request. For example, the attacker can trigger the transmission of local files to an arbitrar...

CVE-2022-37024

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution...

CVE-2023-29505

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager ( CVE-2025-53066, CVE-2025-53057).

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, used by IBM Tivoli Network Configuration Manager IP Edition Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

EUVD-2018-4948

Malware in sbrugna...

EUVD-2021-21869

Malware in sbrugna...

EUVD-2013-2656

Malware in sbrugna...

EUVD-2023-37396

Malicious code in bioql PyPI...

EUVD-2023-37398

Malicious code in bioql PyPI...

EUVD-2023-44661

Malicious code in bioql PyPI...

EUVD-2023-44662

Malicious code in bioql PyPI...

EUVD-2023-33072

Malicious code in bioql PyPI...

EUVD-2023-27928

Malicious code in bioql PyPI...

The Network Configuration Manager (NCM) software, which is related to the failure to protect the structure of web pages, allows attackers to carry out XSS attacks.

The Network Configuration Manager NCM software is associated with the failure to take measures to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...

VulnCheck KEV: CVE-2018-12998

A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to...

CVE-2023-33226

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges...

CVE-2023-33227

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges...

CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service SWIS. Exposed credentials are encrypted and require authenticated access with an NCM role...

CVE-2013-2717

Multiple unspecified vulnerabilities in the System Management aka SysAdmin Console in EMC Smarts Network Configuration Manager NCM through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other...