Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eventlog analyzer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4930
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer prior to 9.0 build 9002 allow remote malicious users to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) complet...
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Eventlog Analyzer 7.0
NA
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote malicious users to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in i...
Zohocorp Manageengine Eventlog Analyzer 9.0
Zohocorp Manageengine Eventlog Analyzer 8.2
2 EDB exploits
NA
CVE-2014-6043
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
Zohocorp Manageengine Eventlog Analyzer 9.0
Zohocorp Manageengine Eventlog Analyzer 8.2
1 EDB exploit
6.1
CVSSv3
CVE-2017-11685
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
6.1
CVSSv3
CVE-2017-11686
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote malicious users to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
6.1
CVSSv3
CVE-2017-11687
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote malicious users to inject arbitrary web script or HTML via syslog.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
NA
CVE-2007-6081
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote malicious users to gain privileges and modify logs. Fixed in EventLog Analyzer ...
Adventnet Eventlog Analyzer Build 4030
7.5
CVSSv3
CVE-2014-6039
ManageEngine EventLog Analyzer version 7 up to and including 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000.
Zohocorp Manageengine Eventlog Analyzer
1 EDB exploit
2 Metasploit modules
NA
CVE-2008-1538
Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote malicious users to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely ...
Manageengine Eventlog Analyzer 5
7.5
CVSSv3
CVE-2014-6038
Zoho ManageEngine EventLog Analyzer versions 7 up to and including 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
Zohocorp Manageengine Eventlog Analyzer
1 EDB exploit
2 Metasploit modules
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »