CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6081
https://notcve.org/view.php?id=CVE-2007-6081
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. AdventNet EventLog Analyzer build 4030 para Windows, y posiblemente otras versiones y plataformas, instala una instancia de mysql con una cuenta "root" predeterminada sin contraseña, lo que permite a los atacantes remotos obtener privilegios y modificar registros. Corregido en EventLog Analyzer Build 6000. • http://forums.adventnet.com/viewtopic.php?t=247521 http://osvdb.org/42423 http://secunia.com/advisories/27833 http://www.securityfocus.com/bid/26304 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 5CVE-2007-3593 – NetFlow Analyzer 5 - '/jspui/appConfig.jsp?task' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3593
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en ManageEngine NetFlow Analyzer versión 5, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) alpha en (a) el archivo netflow/jspui/applicationList.jsp, el (2) parámetro task en (b) el archivo netflow/jspui/appConfig.jsp, el (3) parámetro view en (c) el archivo netflow/jspui/index.jsp, y el (4) parámetro rtype en (d) los archivos netflow/jspui/selectDevice.jsp y (e) netflow/jspui/customReport.jsp. NOTA: fue reportado mas tarde que el vector 3 también afecta a la versión 7.5 build 7500. • https://www.exploit-db.com/exploits/30267 https://www.exploit-db.com/exploits/30266 https://www.exploit-db.com/exploits/30270 https://www.exploit-db.com/exploits/30268 https://www.exploit-db.com/exploits/30269 http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html http://osvdb.org/37826 http://osvdb.org/37827 http://osvdb.org/37828 http://osvdb.org/37829 http://osvdb.org/37830 http://secunia.com/advisories/25947 http://www&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 6CVE-2007-3594 – OpManager 6/7 - '/admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3594
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en AdventNet ManageEngine OpManager 6 y 7 permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) parámetro name en (a) ping.do y (b) traceRoute.do en map/; parámetros (2) reportName, (3) displayName, y (4) selectedNode en (c) reports/ReportViewAction.do; (5) parámetro operation en (d) admin/ServiceConfiguration.do; y parámetros (6) selectedNode y (7) selectedTab en (e) admin/DeviceAssociation.do. NOTE: el parámetro searchTerm en Search.do ya está cubierto en CVE-2006-2343. • https://www.exploit-db.com/exploits/30275 https://www.exploit-db.com/exploits/30274 https://www.exploit-db.com/exploits/30271 https://www.exploit-db.com/exploits/30272 https://www.exploit-db.com/exploits/30273 http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html http://osvdb.org/37821 http://osvdb.org/37822 http://osvdb.org/37823 http://osvdb.org/37824 http://osvdb.org/37825 http://osvdb.org/38945 http://osvdb.org/3894 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2006-3842
https://notcve.org/view.php?id=CVE-2006-3842
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Zoho Virtual Office 3.2 Build 3210 permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección mediante un mensaje HTML. • http://secunia.com/advisories/21085 http://securityreason.com/securityalert/1273 http://www.securityfocus.com/archive/1/440417/100/0/threaded http://www.securityfocus.com/bid/19016 https://exchange.xforce.ibmcloud.com/vulnerabilities/27818 •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2343
https://notcve.org/view.php?id=CVE-2006-2343
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://secunia.com/advisories/20067 http://www.securityfocus.com/bid/17944 http://www.vupen.com/english/advisories/2006/1774 https://exchange.xforce.ibmcloud.com/vulnerabilities/26381 •