CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-11685
https://notcve.org/view.php?id=CVE-2017-11685
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) reflexivo en la búsqueda y visualización de datos de eventos en Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios, como es demostrado por el parámetro fName. • http://init6.me/exploiting-manageengine-eventlog-analyzer.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-11687
https://notcve.org/view.php?id=CVE-2017-11687
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. Múltiples vulnerabilidades de tipo cross-site-scripting (XSS) persistentes en las funciones de visualización y análisis de registro de eventos en Zoho ManageEngine Event Log Analyzer versiones 11.4 y 11.5, permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de syslog. • http://init6.me/exploiting-manageengine-eventlog-analyzer.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 15%CPEs: 1EXPL: 1CVE-2017-11346 – ManageEngine Desktop Central 10 Build 100087 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. Desktop Central antes del build 100092 de Zoho ManageEngine, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores que involucran la carga de videos de soporte al usuario. • https://www.exploit-db.com/exploits/42358 https://www.manageengine.com/products/desktop-central/remote-code-execution.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7780
https://notcve.org/view.php?id=CVE-2015-7780
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Vulnerabilidad salto de directorio en ManageEngine Firewall Analyzer anterior a la versión 8.0. • http://jvn.jp/en/jp/JVN21968837/index.html http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7781
https://notcve.org/view.php?id=CVE-2015-7781
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. ManageEngine Firewall Analyzer anterior a la versión 8.0 no restringe los permisos de acceso. • http://jvn.jp/en/jp/JVN12991684/index.html http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000186.html • CWE-275: Permission Issues •