CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 1CVE-2017-11686
https://notcve.org/view.php?id=CVE-2017-11686
27 Jul 2017 — Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permite a los atacantes remotos obtener la contraseña de un usuario autenticado por medio de vulnerabilidades XSS o espiando el tráfico no SSL en la red, porque la contraseña se repre... • http://init6.me/exploiting-manageengine-eventlog-analyzer.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-11687
https://notcve.org/view.php?id=CVE-2017-11687
27 Jul 2017 — Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) persistentes en las funciones de visualización y análisis de registro de eventos en Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios... • http://init6.me/exploiting-manageengine-eventlog-analyzer.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 82%CPEs: 1EXPL: 5CVE-2015-7387 – ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
https://notcve.org/view.php?id=CVE-2015-7387
28 Sep 2015 — ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200. ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 y versiones anteriores permite a los atacantes remotos eludir las restricciones previstas y ejecutar comandos SQL arbitrarios a través de una c... • https://www.exploit-db.com/exploits/38173 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •