CVSS: 6.5EPSS: 28%CPEs: 14EXPL: 7CVE-2014-5446 – ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2014-5446
01 Dec 2014 — Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de salto de directorio en el servlet DisplayChartPDF en ZOHO ManageEngine Netflow Analyzer 8.6 hasta 10.2 y IT360 10.3 permite a atacantes remotos o usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) ... • https://packetstorm.news/files/id/129336 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 96%CPEs: 2EXPL: 8CVE-2014-5445 – ManageEngine NetFlow Analyzer CReportPDFServlet schFilePath Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-5445
01 Dec 2014 — Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet. Múltiples vulnerabilidades de recorrido de directorio absoluto en ZOHO ManageEngine Netflow Analyzer 8.6 hasta 10.2 y IT360 10.3 permiten a atacantes remotos o usuarios remotos autenticados leer ficheros arbitra... • https://packetstorm.news/files/id/180817 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 5CVE-2007-3593 – NetFlow Analyzer 5 - '/jspui/appConfig.jsp?task' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3593
06 Jul 2007 — Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500. Mú... • https://www.exploit-db.com/exploits/30267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 6CVE-2007-3594 – OpManager 6/7 - '/admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3594
06 Jul 2007 — Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTer... • https://www.exploit-db.com/exploits/30275 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2005-3522 – NetFlow Analyzer 4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3522
06 Nov 2005 — Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. • https://www.exploit-db.com/exploits/26354 •