Search criteria

6 vulnerabilities by adventnet

CVE-2007-6081 (GCVE-0-2007-6081)

Vulnerability from cvelistv5 – Published: 2007-11-21 23:00 – Updated: 2024-08-07 15:54
VLAI
Summary
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://osvdb.org/42423 vdb-entryx_refsource_OSVDB
http://forums.adventnet.com/viewtopic.php?t=247521 x_refsource_CONFIRM
http://www.securityfocus.com/bid/26304 vdb-entryx_refsource_BID
http://secunia.com/advisories/27833 third-party-advisoryx_refsource_SECUNIA
Date Public
2007-11-02 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42423",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42423"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forums.adventnet.com/viewtopic.php?t=247521"
          },
          {
            "name": "26304",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26304"
          },
          {
            "name": "27833",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27833"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-26T14:43:51.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42423",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42423"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forums.adventnet.com/viewtopic.php?t=247521"
        },
        {
          "name": "26304",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26304"
        },
        {
          "name": "27833",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27833"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6081",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default \"root\" account without a password, which allows remote attackers to gain privileges and modify logs. Fixed in EventLog Analyzer Build 6000."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42423",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42423"
            },
            {
              "name": "http://forums.adventnet.com/viewtopic.php?t=247521",
              "refsource": "CONFIRM",
              "url": "http://forums.adventnet.com/viewtopic.php?t=247521"
            },
            {
              "name": "26304",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26304"
            },
            {
              "name": "27833",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27833"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6081",
    "datePublished": "2007-11-21T23:00:00.000Z",
    "dateReserved": "2007-11-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:26.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3594 (GCVE-0-2007-3594)

Vulnerability from cvelistv5 – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/24767 vdb-entryx_refsource_BID
http://osvdb.org/38949 vdb-entryx_refsource_OSVDB
http://osvdb.org/37825 vdb-entryx_refsource_OSVDB
http://lostmon.blogspot.com/2007/07/netflow-anali… x_refsource_MISC
http://osvdb.org/38947 vdb-entryx_refsource_OSVDB
http://osvdb.org/37821 vdb-entryx_refsource_OSVDB
http://osvdb.org/38946 vdb-entryx_refsource_OSVDB
http://osvdb.org/37824 vdb-entryx_refsource_OSVDB
http://osvdb.org/37822 vdb-entryx_refsource_OSVDB
http://osvdb.org/38945 vdb-entryx_refsource_OSVDB
http://osvdb.org/38948 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://osvdb.org/37823 vdb-entryx_refsource_OSVDB
Date Public
2007-07-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24767"
          },
          {
            "name": "38949",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38949"
          },
          {
            "name": "37825",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37825"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "38947",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38947"
          },
          {
            "name": "37821",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37821"
          },
          {
            "name": "38946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38946"
          },
          {
            "name": "37824",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37824"
          },
          {
            "name": "37822",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37822"
          },
          {
            "name": "38945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38945"
          },
          {
            "name": "38948",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38948"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "37823",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37823"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24767"
        },
        {
          "name": "38949",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38949"
        },
        {
          "name": "37825",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37825"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "38947",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38947"
        },
        {
          "name": "37821",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37821"
        },
        {
          "name": "38946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38946"
        },
        {
          "name": "37824",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37824"
        },
        {
          "name": "37822",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37822"
        },
        {
          "name": "38945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38945"
        },
        {
          "name": "38948",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/38948"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "37823",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37823"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3594",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.  NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24767"
            },
            {
              "name": "38949",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38949"
            },
            {
              "name": "37825",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37825"
            },
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "38947",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38947"
            },
            {
              "name": "37821",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37821"
            },
            {
              "name": "38946",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38946"
            },
            {
              "name": "37824",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37824"
            },
            {
              "name": "37822",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37822"
            },
            {
              "name": "38945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38945"
            },
            {
              "name": "38948",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/38948"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "37823",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37823"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3594",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3593 (GCVE-0-2007-3593)

Vulnerability from cvelistv5 – Published: 2007-07-06 18:00 – Updated: 2024-08-07 14:21
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://lostmon.blogspot.com/2007/07/netflow-anali… x_refsource_MISC
http://osvdb.org/37827 vdb-entryx_refsource_OSVDB
http://osvdb.org/37828 vdb-entryx_refsource_OSVDB
http://osvdb.org/37830 vdb-entryx_refsource_OSVDB
http://osvdb.org/37829 vdb-entryx_refsource_OSVDB
http://osvdb.org/37826 vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/25947 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/24766 vdb-entryx_refsource_BID
Date Public
2007-07-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
          },
          {
            "name": "37827",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37827"
          },
          {
            "name": "37828",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37828"
          },
          {
            "name": "37830",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37830"
          },
          {
            "name": "37829",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37829"
          },
          {
            "name": "37826",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37826"
          },
          {
            "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
          },
          {
            "name": "25947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25947"
          },
          {
            "name": "24766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
        },
        {
          "name": "37827",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37827"
        },
        {
          "name": "37828",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37828"
        },
        {
          "name": "37830",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37830"
        },
        {
          "name": "37829",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37829"
        },
        {
          "name": "37826",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37826"
        },
        {
          "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
        },
        {
          "name": "25947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25947"
        },
        {
          "name": "24766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. NOTE: it was later reported that vector 3 also affects 7.5 build 7500."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html",
              "refsource": "MISC",
              "url": "http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html"
            },
            {
              "name": "37827",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37827"
            },
            {
              "name": "37828",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37828"
            },
            {
              "name": "37830",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37830"
            },
            {
              "name": "37829",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37829"
            },
            {
              "name": "37826",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37826"
            },
            {
              "name": "netflowanalyzer-opmanager-multiple-xss(35263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35263"
            },
            {
              "name": "25947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25947"
            },
            {
              "name": "24766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3593",
    "datePublished": "2007-07-06T18:00:00.000Z",
    "dateReserved": "2007-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T14:21:36.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3842 (GCVE-0-2006-3842)

Vulnerability from cvelistv5 – Published: 2006-07-25 23:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/archive/1/440417/100… mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/21085 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19016 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://securityreason.com/securityalert/1273 third-party-advisoryx_refsource_SREASON
Date Public
2006-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:38.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060717 Cross Site Scripting Vulnerability in Zoho Virtual Office",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440417/100/0/threaded"
          },
          {
            "name": "21085",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21085"
          },
          {
            "name": "19016",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19016"
          },
          {
            "name": "zoho-html-xss(27818)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27818"
          },
          {
            "name": "1273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1273"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060717 Cross Site Scripting Vulnerability in Zoho Virtual Office",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440417/100/0/threaded"
        },
        {
          "name": "21085",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21085"
        },
        {
          "name": "19016",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19016"
        },
        {
          "name": "zoho-html-xss(27818)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27818"
        },
        {
          "name": "1273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1273"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060717 Cross Site Scripting Vulnerability in Zoho Virtual Office",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440417/100/0/threaded"
            },
            {
              "name": "21085",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21085"
            },
            {
              "name": "19016",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19016"
            },
            {
              "name": "zoho-html-xss(27818)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27818"
            },
            {
              "name": "1273",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1273"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3842",
    "datePublished": "2006-07-25T23:00:00.000Z",
    "dateReserved": "2006-07-25T00:00:00.000Z",
    "dateUpdated": "2024-08-07T18:48:38.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2343 (GCVE-0-2006-2343)

Vulnerability from cvelistv5 – Published: 2006-05-12 17:00 – Updated: 2024-08-07 17:43
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://secunia.com/advisories/20067 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/17944 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2006/1774 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
Date Public
2006-05-11 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:29.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20067"
          },
          {
            "name": "17944",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17944"
          },
          {
            "name": "ADV-2006-1774",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1774"
          },
          {
            "name": "manageengineopmanager-search-xss(26381)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26381"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20067"
        },
        {
          "name": "17944",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17944"
        },
        {
          "name": "ADV-2006-1774",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1774"
        },
        {
          "name": "manageengineopmanager-search-xss(26381)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26381"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2343",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter.  NOTE: the provenance of this information is unknown; the details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20067",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20067"
            },
            {
              "name": "17944",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17944"
            },
            {
              "name": "ADV-2006-1774",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1774"
            },
            {
              "name": "manageengineopmanager-search-xss(26381)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26381"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2343",
    "datePublished": "2006-05-12T17:00:00.000Z",
    "dateReserved": "2006-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:43:29.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3522 (GCVE-0-2005-3522)

Vulnerability from cvelistv5 – Published: 2005-11-06 11:00 – Updated: 2024-08-07 23:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/15127 vdb-entryx_refsource_BID
http://securitytracker.com/id?1015078 vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=112967149509401&w=2 mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/17253/ third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/20073 vdb-entryx_refsource_OSVDB
Date Public
2005-10-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:23.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "netflowanalyzer4-index-xss(22788)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
          },
          {
            "name": "15127",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15127"
          },
          {
            "name": "1015078",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015078"
          },
          {
            "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
          },
          {
            "name": "17253",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17253/"
          },
          {
            "name": "20073",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20073"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "netflowanalyzer4-index-xss(22788)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
        },
        {
          "name": "15127",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15127"
        },
        {
          "name": "1015078",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015078"
        },
        {
          "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
        },
        {
          "name": "17253",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17253/"
        },
        {
          "name": "20073",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20073"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3522",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "netflowanalyzer4-index-xss(22788)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22788"
            },
            {
              "name": "15127",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15127"
            },
            {
              "name": "1015078",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015078"
            },
            {
              "name": "20051018 NetFlow Analyzer 4 XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=112967149509401\u0026w=2"
            },
            {
              "name": "17253",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17253/"
            },
            {
              "name": "20073",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20073"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3522",
    "datePublished": "2005-11-06T11:00:00.000Z",
    "dateReserved": "2005-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T23:17:23.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}