19 matches found
CVE-2019-12133
CVE-2019-12133 affects multiple Zoho ManageEngine products (Desktop Central, EventLog Analyzer, ServiceDesk Plus, SupportCenter Plus, O365 Manager Plus, Mobile Device Manager Plus, Patch Connect Plus, Vulnerability Manager Plus, Patch Manager Plus, OpManager, NetFlow Analyzer, OpUtils, Network Co...
CVE-2023-35785
CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...
CVE-2014-6038
CVE-2014-6038 affects Zoho/ManageEngine EventLog Analyzer (v7–v9.9 build 9002). The cited issue is an information disclosure in the agentHandler servlet, enabling an unauthenticated remote attacker to obtain usernames, passwords or hashes from the managed hosts’ data. Some connected sources also ...
CVE-2019-19774
CVE-2019-19774 affects Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. An authenticated user can bypass access controls via the /event/runquery.do endpoint by executing the query select hostdetails from hostdetails, bypassing restrictions that prevent viewing credential data and ...
CVE-2014-6039
CVE-2014-6039 affects ManageEngine EventLog Analyzer (v7–v9.9 build 9002). A information-disclosure path via the hostdetails servlet exposes usernames and passwords for managed Windows/AS/400 hosts; exploitation relies on prior CVE-2014-6038 flow to obtain host identifiers and then extract creden...
CVE-2014-6037
CVE-2014-6037 describes a directory traversal vulnerability in the agentUpload servlet of ManageEngine EventLog Analyzer (ZOHO) affecting 9.0-build 9002 and 8.2-build 8020. An attacker can upload a ZIP containing an executable with.. sequences and then access that file under the web root via a di...
CVE-2020-24786
CVE-2020-24786 affects multiple ManageEngine products (Exchange Reporter Plus, AD360, ADSelfService Plus, DataSecurity Plus, RecoverManager Plus, EventLog Analyzer, ADAudit Plus, O365 Manager Plus, Cloud Security Plus, ADManager Plus, Log360) with a remotely accessible Java servlet (com.manageeng...
CVE-2018-8721
CVE-2018-8721 affects Zoho ManageEngine EventLog Analyzer 11.0 build 11000. The vulnerability is a stored XSS in the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen, allowing an attacker to inject arbitrary HTML/script that executes in a user’s browser. D...
CVE-2017-11685
Affected product: Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). Vulnerability type / vector: Cross-site scripting (XSS) in the search and display of event data, exploitable via the fName parameter. Root cause (as stated): Multiple reflective XSS vulnerabilities enable remote atta...
CVE-2017-11686
Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5) is affected by a cross-site scripting/vulnerable cookie handling issue that allows a remote attacker to obtain an authenticated user’s password. The root cause is that the password is represented in a cookie with reversible encoding, e...
CVE-2017-11687
Summary: CVE-2017-11687 concerns Zoho ManageEngine Event Log Analyzer (versions 11.4 and 11.5). The cited sources describe a persistent cross-site scripting (XSS) vulnerability in the Event Log Parser and the Display function, allowing remote attackers to inject arbitrary web script or HTML via s...
CVE-2018-10075
Zoho ManageEngine EventLog Analyzer 11.12 is affected by an XSS vulnerability that can be exploited remotely via the import logs feature. The issue allows an attacker to inject arbitrary web script or HTML when processing logs. Connected sources (NVD, CNVD, PRION, CVELIST) confirm the product/ver...
CVE-2014-4930
The vulnerability is a cross-site scripting (XSS) flaw in ManageEngine EventLog Analyzer, affecting the web endpoint event/index2.do. It allows an attacker to inject arbitrary script or HTML via multiple parameters (width, height, url, helpP, tab, module, completeData, RBBNAME, TC, rtype, eventCr...
CVE-2021-28959
CVE-2021-28959 affects Zoho ManageEngine Eventlog Analyzer up to version 12147. Multiple connected sources (Red Hat, CNVD, NVD, CVE records) confirm an unauthenticated directory traversal via a ZIP archive entry that leads to remote code execution. The issue is a server-side path traversal vulner...
CVE-2014-5103
CVE-2014-5103 affects ZOHO ManageEngine EventLog Analyzer 9 (build 9000). The vulnerability is a cross-site scripting (XSS) flaw where an attacker can inject arbitrary HTML/script via the j_username parameter to event/j_security_check due to insufficient input sanitization. The issue is fixed in ...
CVE-2014-6043
CVE-2014-6043 affects ZOHO ManageEngine EventLog Analyzer (versions 9.0 build 9002 and 8.2 build 8020). The issue is improper restriction of access to the database browser, allowing remote authenticated users to access the database via a direct request to event/runQuery.do. Fixed in Build 10000. ...
CVE-2015-7387
CVE-2015-7387 affects ZOHO ManageEngine EventLog Analyzer up to 10.6 build 10060 (and earlier). The issue arises in event/runQuery.do where the query parameter is insufficiently filtered, enabling remote attackers to chain an allowed query with a disallowed one to execute arbitrary SQL (e.g., "SE...
CVE-2018-10076
Zoho ManageEngine EventLog Analyzer 11.12 is affected by a Cross-Site Scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML via the search box on the Dashboard. The issue is documented in CVE-2018-10076 (also referenced in CNVD-2018-17643). Exploitation detai...
CVE-2018-7405
Zoho ManageEngine EventLog Analyzer is affected by CVE-2018-7405: a cross-site scripting (XSS) vulnerability in versions before 11.12 Build 11120. The root cause is an XSS flaw that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact is described as enab...