Show filters
15 Total Results
Displaying 11-15 of 15
Sort by:
Attacker Value
Unknown
CVE-2018-12997
Disclosure Date: June 29, 2018 (last updated December 08, 2023)
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.
0
Attacker Value
Unknown
CVE-2018-12998
Disclosure Date: June 29, 2018 (last updated December 08, 2023)
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
0
Attacker Value
Unknown
CVE-2017-14123
Disclosure Date: September 04, 2017 (last updated November 26, 2024)
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
0
Attacker Value
Unknown
CVE-2015-7780
Disclosure Date: June 27, 2017 (last updated November 26, 2024)
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
0
Attacker Value
Unknown
CVE-2015-7781
Disclosure Date: June 27, 2017 (last updated November 26, 2024)
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
0
