CVSS: 6.5EPSS: 96%CPEs: 1EXPL: 1CVE-2019-8394 – Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2019-8394
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization. Zoho ManageEngine ServiceDesk Plus (SDP), en versiones anteriores a la 10.0 build 10012, permite que los atacantes remotos suban archivos arbitrarios mediante la personalización de la página de inicio. Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability. Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. • https://www.exploit-db.com/exploits/46413 http://www.securityfocus.com/bid/107129 https://www.manageengine.com/products/service-desk/readme.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-8395
https://notcve.org/view.php?id=CVE-2019-8395
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request. Existe una vulnerabilidad IDOR (Insecure Direct Object Reference) en Zoho ManageEngine ServiceDesk Plus (SDP) en versiones anteriores a la 10.0 build 10007 mediante un adjunto en una petición. • https://www.manageengine.com/products/service-desk/readme.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7424 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7424
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to CVE-2009-3903. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/index.jsp" en el parámetro GET view o cualquiera de estos parámetros POST: autorefTime, section, snapshot, viewOpt, viewAll, view o groupSelName. Este último está relacionado con CVE-2009-3903. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7422 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7422
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/addMailSettings.jsp" en el parámetro gF. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-7425 – Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 XSS
https://notcve.org/view.php?id=CVE-2019-7425
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter. Existe Cross-Site Scripting (XSS) en Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 en la zona de Administrador en el archivo "/netflow/jspui/linkdownalertConfig.jsp" en el parámetro task. Zoho ManageEngine Netflow Analyzer Professional version 7.0.0.2 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html http://seclists.org/fulldisclosure/2019/Feb/29 https://www.manageengine.com/products/netflow/?doc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •