Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eventlog analyzer vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-7405
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer prior to 11.12 Build 11120 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zohocorp Manageengine Eventlog Analyzer
6.1
CVSSv3
CVE-2017-11687
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote malicious users to inject arbitrary web script or HTML via syslog.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
6.1
CVSSv3
CVE-2017-11685
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
6.1
CVSSv3
CVE-2017-11686
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote malicious users to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
Zohocorp Manageengine Eventlog Analyzer 11.5
Zohocorp Manageengine Eventlog Analyzer 11.4
NA
CVE-2015-7387
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and previous versions allows remote malicious users to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrat...
Zohocorp Manageengine Eventlog Analyzer
2 EDB exploits
NA
CVE-2014-6037
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote malicious users to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in i...
Zohocorp Manageengine Eventlog Analyzer 9.0
Zohocorp Manageengine Eventlog Analyzer 8.2
2 EDB exploits
NA
CVE-2014-6043
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000.
Zohocorp Manageengine Eventlog Analyzer 9.0
Zohocorp Manageengine Eventlog Analyzer 8.2
1 EDB exploit
NA
CVE-2014-4930
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer prior to 9.0 build 9002 allow remote malicious users to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) complet...
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Eventlog Analyzer 7.0
NA
CVE-2014-5103
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote malicious users to inject arbitrary web script or HTML via the j_username parameter to event/j_security_check. Fixed in Version 10 Build 10000.
Zohocorp Manageengine Eventlog Analyzer 9.0
NA
CVE-2010-4840
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote malicious users to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port (1) 513 or (2) 514. Fi...
Manageengine Eventlog Analyzer 6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »