Vendor CVEs
ManageEngine
All CVEs
296 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2019-12133 | 0.00 | — | 0.02 | Jun 18, 2019 | Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current… |
| CVE-2019-12476 | 0.00 | — | 0.02 | Jun 17, 2019 | An authentication bypass vulnerability in the password reset functionality in Zoho ManageEngine ADSelfService Plus before 5.0.6 allows an attacker with physical access to gain a shell with SYSTEM privileges via the restricted thick client browser. The attack uses a long sequence… |
| CVE-2019-8346 | 0.00 | — | 0.04 | May 24, 2019 | In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authorization.do cross-site Scripting (XSS) vulnerability allows for an unauthenticated manipulation of the JavaScript code by injecting the HTTP form parameter adscsrf. An attacker can use this to capture a user's AD… |
| CVE-2017-11557 | 0.00 | — | 0.04 | May 23, 2019 | An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request. |
| CVE-2017-11560 | 0.00 | — | 0.01 | May 23, 2019 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted… |
| CVE-2017-11561 | 0.00 | — | 0.02 | May 23, 2019 | An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell. |
| CVE-2017-11738 | 0.00 | — | 0.04 | May 23, 2019 | In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack. |
| CVE-2017-11739 | 0.00 | — | 0.03 | May 23, 2019 | In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom HTML or Text" field. Once this widget is created, it will be… |
| CVE-2019-11677 | 0.00 | — | 0.09 | May 2, 2019 | The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection. |
| CVE-2017-9362 | 0.00 | — | 0.04 | Mar 25, 2019 | ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API. |
| CVE-2017-9376 | 0.00 | — | 0.07 | Mar 25, 2019 | ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. |
| CVE-2019-7425 | 0.00 | — | 0.03 | Mar 17, 2019 | XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. |
| CVE-2018-20338 | 0.00 | — | 0.12 | Dec 21, 2018 | Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. |
| CVE-2018-19921 | 0.00 | — | 0.02 | Dec 6, 2018 | Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. |
| CVE-2018-19288 | 0.00 | — | 0.02 | Nov 15, 2018 | Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. |
| CVE-2018-3235 | 0.00 | — | 0.02 | Oct 17, 2018 | Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network… |
| CVE-2015-5459 | 0.00 | — | 0.03 | Jul 8, 2015 | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to… |
| CVE-2014-9372 | 0.00 | — | 0.02 | Dec 16, 2014 | Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in a filename. |
| CVE-2014-8678 | 0.00 | — | 0.02 | Nov 25, 2014 | The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile." |
| CVE-2014-4930 | 0.00 | — | 0.04 | Aug 29, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData,… |
| CVE-2014-4164 | 0.00 | — | 0.01 | Jun 16, 2014 | Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html. |
| CVE-2013-7318 | 0.00 | — | 0.01 | Jan 29, 2014 | Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2012-5956 | 0.00 | — | 0.04 | Dec 11, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the… |
| CVE-2012-1063 | 0.00 | — | 0.01 | Feb 14, 2012 | Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do. |
| CVE-2012-1062 | 0.00 | — | 0.01 | Feb 14, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to… |
| CVE-2010-5050 | 0.00 | — | 0.03 | Nov 23, 2011 | Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are… |
| CVE-2010-4841 | 0.00 | — | 0.02 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported… |
| CVE-2010-4840 | 0.00 | — | 0.02 | Sep 27, 2011 | Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. Fixed… |
| CVE-2011-1510 | 0.00 | — | 0.01 | Sep 20, 2011 | Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. |
| CVE-2011-1509 | 0.00 | — | 0.01 | Sep 20, 2011 | The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2011-2756 | 0.00 | — | 0.02 | Jul 17, 2011 | FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 8012 does not require authentication, which allows remote attackers to read files from a specific directory via unspecified vectors. |
| CVE-2010-2049 | 0.00 | — | 0.03 | May 25, 2010 | Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the… |
| CVE-2009-4387 | 0.00 | — | 0.01 | Dec 22, 2009 | The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the… |
| CVE-2009-3903 | 0.00 | — | 0.02 | Nov 6, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this information is unknown;… |
| CVE-2008-2797 | 0.00 | — | 0.01 | Jun 20, 2008 | Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are… |
| CVE-2008-1775 | 0.00 | — | 0.01 | Apr 14, 2008 | Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from… |
| CVE-2008-1566 | 0.00 | — | 0.01 | Mar 31, 2008 | Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third… |
| CVE-2008-1538 | 0.00 | — | 0.01 | Mar 28, 2008 | Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from… |
| CVE-2008-1432 | 0.00 | — | 0.01 | Mar 20, 2008 | Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is… |
| CVE-2008-0475 | 0.00 | — | 0.01 | Jan 29, 2008 | ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2008-0476 | 0.00 | — | 0.01 | Jan 29, 2008 | ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is… |
| CVE-2007-6081 | 0.00 | — | 0.01 | Nov 21, 2007 | AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. |
| CVE-2007-5891 | 0.00 | — | 0.01 | Nov 8, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance… |
| CVE-2007-1642 | 0.00 | — | 0.01 | Mar 24, 2007 | Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. |
| CVE-2006-3842 | 0.00 | — | 0.01 | Jul 25, 2006 | Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message. |
| CVE-2006-2343 | 0.00 | — | 0.01 | May 12, 2006 | Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party… |
Page 6 of 6