CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6081
https://notcve.org/view.php?id=CVE-2007-6081
21 Nov 2007 — AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000. AdventNet EventLog Analyzer build 4030 para Windows, y posiblemente otras versiones y plataformas, instala una instancia de mysql con una cuenta "root" predeterminada sin contraseña, lo que permite a los atacantes remotos obtener privil... • http://forums.adventnet.com/viewtopic.php?t=247521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 5CVE-2007-3593 – NetFlow Analyzer 5 - '/jspui/appConfig.jsp?task' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3593
06 Jul 2007 — Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500. Mú... • https://www.exploit-db.com/exploits/30267 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 6CVE-2007-3594 – OpManager 6/7 - '/admin/DeviceAssociation.do' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-3594
06 Jul 2007 — Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTer... • https://www.exploit-db.com/exploits/30275 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3842
https://notcve.org/view.php?id=CVE-2006-3842
25 Jul 2006 — Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Zoho Virtual Office 3.2 Build 3210 permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección mediante un mensaje HTML. • http://secunia.com/advisories/21085 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2343
https://notcve.org/view.php?id=CVE-2006-2343
12 May 2006 — Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • http://secunia.com/advisories/20067 •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 3CVE-2005-3522 – NetFlow Analyzer 4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3522
06 Nov 2005 — Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. • https://www.exploit-db.com/exploits/26354 •