Search Results | AttackerKB

Show filters

Topics 506 Users 9,734

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

506 Total Results

Displaying 351-360 of 506

Attacker Value

Unknown

CVE-2019-12189

Disclosure Date: May 21, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.

0

Attacker Value

Unknown

CVE-2019-8929

Disclosure Date: May 17, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.

0

Attacker Value

Unknown

CVE-2019-8927

Disclosure Date: May 17, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.

0

Attacker Value

Unknown

CVE-2019-8928

Disclosure Date: May 17, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.

0

Attacker Value

Unknown

CVE-2019-8926

Disclosure Date: May 17, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

0

Attacker Value

Unknown

CVE-2019-8925

Disclosure Date: May 17, 2019 (last updated November 27, 2024)

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.

0

Attacker Value

Unknown

CVE-2019-7427

Disclosure Date: May 07, 2019 (last updated November 27, 2024)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.

0

Attacker Value

Unknown

CVE-2019-7426

Disclosure Date: May 07, 2019 (last updated November 27, 2024)

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.

0

Attacker Value

Unknown

CVE-2019-11678

Disclosure Date: May 02, 2019 (last updated November 27, 2024)

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.

0

Attacker Value

Unknown

CVE-2019-11677

Disclosure Date: May 02, 2019 (last updated November 27, 2024)

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.

0