Zohocorp: Security Vulnerabilities
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
CVSS Score: 6.1
EPSS Score: 0.034
Published: 2019-05-17
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
CVSS Score: 6.1
EPSS Score: 0.026
Published: 2019-05-17
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
CVSS Score: 4.3
EPSS Score: 0.092
Published: 2019-05-17
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the groupDesc, groupName, groupID, or task parameter.
CVSS Score: 6.1
EPSS Score: 0.022
Published: 2019-05-07
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter.
CVSS Score: 6.1
EPSS Score: 0.022
Published: 2019-05-07
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks.
CVSS Score: 6.1
EPSS Score: 0.03
Published: 2019-05-02
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection.
CVSS Score: 9.8
EPSS Score: 0.06
Published: 2019-05-02
The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injection.
CVSS Score: 9.8
EPSS Score: 0.304
Published: 2019-05-02
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
CVSS Score: 7.0
EPSS Score: 0.001
Published: 2019-04-30
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
CVSS Score: 6.1
EPSS Score: 0.046
Published: 2019-04-25