Vulnerabilities > Manageengine > Eventlog Analyzer
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-27 | CVE-2010-4841 | Cross-Site Scripting vulnerability in Manageengine Eventlog Analyzer 6.1 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. | 4.3 |
2011-09-27 | CVE-2010-4840 | Buffer Errors vulnerability in Manageengine Eventlog Analyzer 6.1 Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. | 7.5 |
2008-03-28 | CVE-2008-1538 | Cross-Site Scripting vulnerability in Manageengine Eventlog Analyzer 5 Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. | 4.3 |