VYPR

Netflow Analyzer

by Manageengine

CVEs (12)

  • CVE-2019-8925May 17, 2019
    risk 0.04cvss epss 0.12

    An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended…

  • CVE-2014-5445Dec 4, 2014
    risk 0.04cvss epss 0.98

    Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2)…

  • CVE-2019-8927May 17, 2019
    risk 0.03cvss epss 0.06

    An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup,…

  • CVE-2019-8926May 17, 2019
    risk 0.03cvss epss 0.06

    An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

  • CVE-2007-3594Jul 6, 2007
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4)…

  • CVE-2007-3593Jul 6, 2007
    risk 0.03cvss epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp,…

  • CVE-2005-3522Nov 6, 2005
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.

  • CVE-2022-36923Aug 10, 2022
    risk 0.02cvss epss 0.08

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and…

  • CVE-2019-12196Jun 5, 2019
    risk 0.02cvss epss 0.69

    A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows attackers to execute arbitrary SQL commands via the DeviceID parameter.

  • CVE-2014-9373Dec 16, 2014
    risk 0.01cvss epss 0.06

    Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.

  • CVE-2019-7425Mar 17, 2019
    risk 0.00cvss epss 0.03

    XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.

  • CVE-2009-3903Nov 6, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown;…