Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:netsweeper:netsweeper:2.6.29.11:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-13167 |
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. Published: May 19, 2020; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-9617 |
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. Published: February 19, 2020; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2014-9614 |
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. Published: February 19, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-9612 |
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. Published: February 19, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-9609 |
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. Published: February 19, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2014-9608 |
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Published: February 19, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-9606 |
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. Published: February 19, 2020; 3:15:13 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-9619 |
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. Published: September 19, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2014-9618 |
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. Published: September 19, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-9616 |
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. Published: September 19, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-9611 |
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. Published: September 19, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-9610 |
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. Published: September 19, 2017; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2012-3859 |
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. Published: July 09, 2012; 2:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-2447 |
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. Published: July 09, 2012; 2:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-2446 |
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. Published: July 09, 2012; 2:55:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |