Show filters
506 Total Results
Displaying 371-380 of 506
Sort by:
Attacker Value
Unknown

CVE-2019-7425

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-7423

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter.
0
0
Attacker Value
Unknown

CVE-2019-7422

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter.
0
0
Attacker Value
Unknown

CVE-2019-7424

Disclosure Date: March 21, 2019 (last updated November 27, 2024)
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903.
0
0
Attacker Value
Unknown

CVE-2019-8395

Disclosure Date: February 17, 2019 (last updated November 27, 2024)
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
0
0
Attacker Value
Unknown

CVE-2019-3905

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.
0
0
Attacker Value
Unknown

CVE-2018-20664

Disclosure Date: January 03, 2019 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
0
0
Attacker Value
Unknown

CVE-2018-20484

Disclosure Date: December 26, 2018 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
0
0
Attacker Value
Unknown

CVE-2018-20485

Disclosure Date: December 26, 2018 (last updated November 27, 2024)
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
0
0
Attacker Value
Unknown

CVE-2018-20338

Disclosure Date: December 21, 2018 (last updated November 27, 2024)
Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section.
0
0
View More Topics  < Previous  Next >