Vulnerabilities > Zohocorp

DATE CVE VULNERABILITY TITLE RISK
2019-05-17 CVE-2019-8927 Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-17 CVE-2019-8926 Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-17 CVE-2019-8925 Path Traversal vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2.
network
low complexity
zohocorp CWE-22
4.3
4.3
2019-05-07 CVE-2019-7427 Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-07 CVE-2019-7426 Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-05-02 CVE-2019-11678 SQL Injection vulnerability in Zohocorp Manageengine Firewall Analyzer
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
network
low complexity
zohocorp CWE-89
critical
 9.8
9.8
2019-05-02 CVE-2019-11677 XXE vulnerability in Zohocorp Manageengine Firewall Analyzer
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
network
low complexity
zohocorp CWE-611
critical
 9.8
9.8
2019-05-02 CVE-2019-11676 Cross-site Scripting vulnerability in Zohocorp Manageengine Firewall Analyzer
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
network
low complexity
zohocorp CWE-79
6.1
6.1
2019-04-30 CVE-2018-19374 Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp Manageengine Admanager Plus 6.6
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
local
high complexity
zohocorp CWE-732
7.0
7.0
2019-04-25 CVE-2019-11511 Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus 5.7
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
network
low complexity
zohocorp CWE-79
6.1
6.1