Show filters
22 Total Results
Displaying 11-20 of 22
Sort by:
Attacker Value
Unknown

CVE-2019-11676

Disclosure Date: May 02, 2019 (last updated November 27, 2024)
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
0
0
Attacker Value
Unknown

CVE-2018-12997

Disclosure Date: June 29, 2018 (last updated December 08, 2023)
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-12998

Disclosure Date: June 29, 2018 (last updated December 08, 2023)
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-14123

Disclosure Date: September 04, 2017 (last updated November 26, 2024)
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-7780

Disclosure Date: June 27, 2017 (last updated November 26, 2024)
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
0
0
Attacker Value
Unknown

CVE-2015-7781

Disclosure Date: June 27, 2017 (last updated November 26, 2024)
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
0
0
Attacker Value
Unknown

CVE-2013-7318

Disclosure Date: January 29, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
0
0
Attacker Value
Unknown

CVE-2013-5092

Disclosure Date: January 29, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
0
0
Attacker Value
Unknown

CVE-2012-4891

Disclosure Date: September 10, 2012 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
0
0
Attacker Value
Unknown

CVE-2012-4889

Disclosure Date: September 10, 2012 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
0
0
View More Topics  < Previous  Next >