AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000.
Max CVSS
7.5
EPSS Score
0.52%
Published
2007-11-21
Updated
2020-03-26
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
Max CVSS
2.6
EPSS Score
0.80%
Published
2007-07-06
Updated
2017-07-29
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.
Max CVSS
4.3
EPSS Score
0.50%
Published
2007-07-06
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
Max CVSS
4.3
EPSS Score
1.11%
Published
2006-07-25
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Max CVSS
5.8
EPSS Score
0.29%
Published
2006-05-12
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.
Max CVSS
4.3
EPSS Score
0.82%
Published
2005-11-06
Updated
2017-07-11
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!