NotCVE - vendor:"Manageengine" product:"Eventlog Analyzer"

3 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2010-4841

https://notcve.org/view.php?id=CVE-2010-4841

27 Sep 2011 — Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000. Múltiples vulnerabilidades cross-site scripting (XSS... • http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2010-4840

https://notcve.org/view.php?id=CVE-2010-4840

27 Sep 2011 — Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. Fixed in 7.2 Build 7020. Múltiples desbordamientos de búfer en el servidor Syslog en ManageEngine EventLog Analyzer 6.1 permiten a los atacantes remotos causar una denegación de servicio (bloqueo del proceso SysEvttCol.exe) o posiblemente e... • http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-Eventlog-Analyzer-Syslog-Renite-DoS-vuln.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2008-1538

https://notcve.org/view.php?id=CVE-2008-1538

28 Mar 2008 — Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000. La vulnerabilidad de Cros-site scripting (XSS) en searchAction.do en ManageEngine EventLog Analyzer 5 permite a los atacantes remotos inyectar secuencias de comand... • http://secunia.com/advisories/29524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •