12 matches found
CVE-2016-6602
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. dot dot in the fileName parameter to servlets/FileUploadServlet...
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
Directory traversal
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. dot dot in the fileName parameter to servlets/FileUploadServlet...
Directory traversal
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
Design/Logic Flaw
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
CVE-2016-6600
The CVE refers to a directory traversal vulnerability in WebNMS Framework Server 5.2 and 5.2 SP1 (ZOHO WebNMS) via FileUploadServlet, where a crafted fileName with .. allows remote attackers to upload and execute JSP files. A Metasploit module and multiple advisories document an arbitrary file up...
Multiple Vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06371)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...
Multiple vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06372)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...
Multiple Vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06370)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...