Lucene search
+L
ZohocorpManageengine Eventlog Analyzer

19 matches found

CVE
CVE
added 2019/06/18 9:27 p.m.148 views

CVE-2019-12133

CVE-2019-12133 affects multiple Zoho ManageEngine products (Desktop Central, EventLog Analyzer, ServiceDesk Plus, SupportCenter Plus, O365 Manager Plus, Mobile Device Manager Plus, Patch Connect Plus, Vulnerability Manager Plus, Patch Manager Plus, OpManager, NetFlow Analyzer, OpUtils, Network Co...

7.8CVSS8AI score0.01817EPSS
CVE
CVE
added 2023/08/28 12:0 a.m.134 views

CVE-2023-35785

CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...

8.1CVSS8AI score0.02434EPSS
CVE
CVE
added 2020/01/13 12:42 p.m.94 views

CVE-2014-6038

CVE-2014-6038 affects Zoho/ManageEngine EventLog Analyzer (v7–v9.9 build 9002). The cited issue is an information disclosure in the agentHandler servlet, enabling an unauthenticated remote attacker to obtain usernames, passwords or hashes from the managed hosts’ data. Some connected sources also ...

7.5CVSS7.1AI score0.72757EPSS
CVE
CVE
added 2019/12/13 6:0 p.m.90 views

CVE-2019-19774

CVE-2019-19774 affects Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. An authenticated user can bypass access controls via the /event/runquery.do endpoint by executing the query select hostdetails from hostdetails, bypassing restrictions that prevent viewing credential data and ...

8.8CVSS8.7AI score0.12517EPSS
Web
CVE
CVE
added 2020/01/13 12:47 p.m.85 views

CVE-2014-6039

CVE-2014-6039 affects ManageEngine EventLog Analyzer (v7–v9.9 build 9002). A information-disclosure path via the hostdetails servlet exposes usernames and passwords for managed Windows/AS/400 hosts; exploitation relies on prior CVE-2014-6038 flow to obtain host identifiers and then extract creden...

7.5CVSS7.3AI score0.68779EPSS
CVE
CVE
added 2014/10/26 7:0 p.m.83 views

CVE-2014-6037

CVE-2014-6037 describes a directory traversal vulnerability in the agentUpload servlet of ManageEngine EventLog Analyzer (ZOHO) affecting 9.0-build 9002 and 8.2-build 8020. An attacker can upload a ZIP containing an executable with.. sequences and then access that file under the web root via a di...

7.5CVSS7.6AI score0.84182EPSS
CVE
CVE
added 2020/08/31 2:2 p.m.69 views

CVE-2020-24786

CVE-2020-24786 affects multiple ManageEngine products (Exchange Reporter Plus, AD360, ADSelfService Plus, DataSecurity Plus, RecoverManager Plus, EventLog Analyzer, ADAudit Plus, O365 Manager Plus, Cloud Security Plus, ADManager Plus, Log360) with a remotely accessible Java servlet (com.manageeng...

10CVSS9.4AI score0.12822EPSS
CVE
CVE
added 2018/03/15 4:0 a.m.57 views

CVE-2018-8721

CVE-2018-8721 affects Zoho ManageEngine EventLog Analyzer 11.0 build 11000. The vulnerability is a stored XSS in the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen, allowing an attacker to inject arbitrary HTML/script that executes in a user’s browser. D...

6.1CVSS5.9AI score0.02004EPSS
CVE
CVE
added 2017/07/27 6:0 a.m.52 views

CVE-2017-11685

Affected product: Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). Vulnerability type / vector: Cross-site scripting (XSS) in the search and display of event data, exploitable via the fName parameter. Root cause (as stated): Multiple reflective XSS vulnerabilities enable remote atta...

6.1CVSS6AI score0.01265EPSS
CVE
CVE
added 2017/07/27 6:0 a.m.51 views

CVE-2017-11686

Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5) is affected by a cross-site scripting/vulnerable cookie handling issue that allows a remote attacker to obtain an authenticated user’s password. The root cause is that the password is represented in a cookie with reversible encoding, e...

6.1CVSS6.2AI score0.02293EPSS
CVE
CVE
added 2017/07/27 6:0 a.m.48 views

CVE-2017-11687

Summary: CVE-2017-11687 concerns Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). The cited sources describe a persistent cross-site scripting (XSS) vulnerability in the Event Log Parser and the Display function, allowing remote attackers to inject arbitrary web script or HTML via s...

6.1CVSS6AI score0.01265EPSS
CVE
CVE
added 2018/07/02 4:0 p.m.47 views

CVE-2018-10075

Zoho ManageEngine EventLog Analyzer 11.12 is affected by an XSS vulnerability that can be exploited remotely via the import logs feature. The issue allows an attacker to inject arbitrary web script or HTML when processing logs. Connected sources (NVD, CNVD, PRION, CVELIST) confirm the product/ver...

6.1CVSS6AI score0.01275EPSS
CVE
CVE
added 2014/08/29 2:0 p.m.46 views

CVE-2014-4930

The vulnerability is a cross-site scripting (XSS) flaw in ManageEngine EventLog Analyzer, affecting the web endpoint event/index2.do. It allows an attacker to inject arbitrary script or HTML via multiple parameters (width, height, url, helpP, tab, module, completeData, RBBNAME, TC, rtype, eventCr...

4.3CVSS5.9AI score0.03634EPSS
Web
CVE
CVE
added 2021/04/30 12:16 p.m.46 views

CVE-2021-28959

CVE-2021-28959 affects Zoho ManageEngine Eventlog Analyzer up to version 12147. Multiple connected sources (Red Hat, CNVD, NVD, CVE records) confirm an unauthenticated directory traversal via a ZIP archive entry that leads to remote code execution. The issue is a server-side path traversal vulner...

9.8CVSS9.8AI score0.16912EPSS
CVE
CVE
added 2014/07/25 7:0 p.m.45 views

CVE-2014-5103

CVE-2014-5103 affects ZOHO ManageEngine EventLog Analyzer 9 (build 9000). The vulnerability is a cross-site scripting (XSS) flaw where an attacker can inject arbitrary HTML/script via the j_username parameter to event/j_security_check due to insufficient input sanitization. The issue is fixed in ...

4.3CVSS5.8AI score0.035EPSS
Web
CVE
CVE
added 2014/09/11 3:0 p.m.45 views

CVE-2014-6043

CVE-2014-6043 affects ZOHO ManageEngine EventLog Analyzer (versions 9.0 build 9002 and 8.2 build 8020). The issue is improper restriction of access to the database browser, allowing remote authenticated users to access the database via a direct request to event/runQuery.do. Fixed in Build 10000. ...

6.5CVSS6.3AI score0.12797EPSS
CVE
CVE
added 2015/09/28 3:0 p.m.45 views

CVE-2015-7387

CVE-2015-7387 affects ZOHO ManageEngine EventLog Analyzer up to 10.6 build 10060 (and earlier). The issue arises in event/runQuery.do where the query parameter is insufficiently filtered, enabling remote attackers to chain an allowed query with a disallowed one to execute arbitrary SQL (e.g., "SE...

7.5CVSS8.3AI score0.80192EPSS
Web
CVE
CVE
added 2018/07/02 4:0 p.m.45 views

CVE-2018-10076

Zoho ManageEngine EventLog Analyzer 11.12 is affected by a Cross-Site Scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML via the search box on the Dashboard. The issue is documented in CVE-2018-10076 (also referenced in CNVD-2018-17643). Exploitation detai...

6.1CVSS6AI score0.01275EPSS
CVE
CVE
added 2018/03/13 7:0 p.m.41 views

CVE-2018-7405

Zoho ManageEngine EventLog Analyzer is affected by CVE-2018-7405: a cross-site scripting (XSS) vulnerability in versions before 11.12 Build 11120. The root cause is an XSS flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact is described as enab...

6.1CVSS6AI score0.01304EPSS