Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
analyzer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4891
Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote malicious users to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; t...
Manageengine Firewall Analyzer 7.2
1 EDB exploit
NA
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and previous versions does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Zohocorp Manageengine Netflow Analyzer -
6.1
CVSSv3
CVE-2016-4988
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin prior to 1.16.0 in Jenkins allows remote malicious users to inject arbitrary web script or HTML via an unspecified parameter.
Jenkins Build Failure Analyzer
8.8
CVSSv3
CVE-2019-19774
An issue exists in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewin...
Zohocorp Manageengine Eventlog Analyzer
1 EDB exploit
6.1
CVSSv3
CVE-2023-33231
XSS attack was possible in DPA 2023.2 due to insufficient input validation
Solarwinds Database Performance Analyzer
7.8
CVSSv3
CVE-2022-27638
Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.
Intel Advanced Link Analyzer
6.5
CVSSv3
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and previous versions was processed in a way that wasn't interruptible, allowing malicious users to have Jenkins evaluate a regular expression without the ability to interrupt this process.
Jenkins Build Failure Analyzer
7.8
CVSSv3
CVE-2023-27505
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Intel Advanced Link Analyzer
5.4
CVSSv3
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indica...
Jenkins Build Failure Analyzer
NA
CVE-2010-4840
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote malicious users to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. Fi...
Manageengine Eventlog Analyzer 6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »