CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2019-8925 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8925
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. Una vulnerabilidad Absolute Path Traversal en la zona de Administración, en / netflow / servlet / CReportPDFServlet (a través del parámetro schFilePath), permite a los usuarios autenticados remotos eludir las restricciones de SecurityManager previstas y listar un directorio principal a través de cualquier nombre de archivo, como schFilePath = C: Valor \ boot.ini. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46425 http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html http://seclists.org/fulldisclosure/2019/Feb/45 https://www.manageengine.com/products/netflow/?doc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-8926 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8926
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en el archivo /netflow/jspui/popup1.jsp de la zona de administración a través de estos parámetros GET: bussAlert, customDev y selSource. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46425 http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html http://seclists.org/fulldisclosure/2019/Feb/45 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-8927 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8927
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en la zona de administración /netflow/jspui/scheduleConfig.jsp a través de estos parámetros GET: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46425 http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html http://seclists.org/fulldisclosure/2019/Feb/45 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-8928 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8928
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en /netflow/jspui/userManagementForm.jsp a través de estos parámetros GET: authMeth, passWord, pwd1 y userName. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46425 http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html http://seclists.org/fulldisclosure/2019/Feb/45 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2019-8929 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8929
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype. Se descubrió un problema en Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS existe en la zona de Administración /netflow/jspui/selectDevice.jsp en estos parámetros GET: param y rtype. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from cross site scripting and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/46425 http://packetstormsecurity.com/files/151757/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-Traversal-XSS.html http://seclists.org/fulldisclosure/2019/Feb/45 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •