CVE-2023-47211

< 12.7

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted

9.1CRITICAL

CVE-2023-6105

< 12.5

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed.

5.5MEDIUM

CVE-2022-38772

all versions

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 12

8.8HIGH

CVE-2022-37024

all versions

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 20

8.8HIGH

CVE-2022-36923

all versions

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, an

7.5HIGH

CVE-2022-35404

< 12.5

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory

8.2HIGH

CVE-2019-12133

all versions

Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\Manag

7.8HIGH

CVE-2019-12196

all versions

A SQL injection vulnerability in /client/api/json/v2/nfareports/compareReport in Zoho ManageEngine NetFlow Analyzer 12.3 allows at

9.8CRITICAL

CVE-2019-8929

all versions

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow

6.1MEDIUM

CVE-2019-8928

all versions

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementFor

6.1MEDIUM

CVE-2019-8927

all versions

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow

6.1MEDIUM

CVE-2019-8926

all versions

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow

6.1MEDIUM

CVE-2019-8925

all versions

An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in th

4.3MEDIUM

CVE-2019-7427

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertCon

6.1MEDIUM

CVE-2019-7426

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertCon

6.1MEDIUM

CVE-2019-7425

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertCon

6.1MEDIUM

CVE-2019-7424

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file

6.1MEDIUM

CVE-2019-7423

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp"

6.1MEDIUM

CVE-2019-7422

all versions

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.

6.1MEDIUM

CVE-2018-12998

all versions

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configurat

6.1MEDIUM

CVE-2018-12997

all versions

Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration

7.5HIGH

CVE-2018-10803

>= 12.3 and < 12.3.125

Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 1

6.1MEDIUM

CVE-2015-4418

all versions

Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it eas

CVE-2015-2961

all versions

Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack

CVE-2015-2960

all versions

Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitr

CVE-2015-2959

all versions

Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to ob

CVE-2014-9373

all versions

Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers

CVE-2014-5446

all versions

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360

CVE-2014-5445

>= 8.6 and <= 10.2

Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remot

CVE-2009-3903

all versions

Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remot

CVE-2007-3594

all versions

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject a

CVE-2007-3593

all versions

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary

CVE-2005-3522

all versions

Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arb