Vulnerabilities > Netsweeper

DATE CVE VULNERABILITY TITLE RISK
2020-05-19 CVE-2020-13167 OS Command Injection vulnerability in Netsweeper
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
network | low complexity | netsweeper | CWE-78 | Risk: critical 9.8

2020-02-19 CVE-2014-9617 Open Redirect vulnerability in Netsweeper
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
network | low complexity | netsweeper | CWE-601 | Risk: 6.1

2020-02-19 CVE-2014-9615 Cross-site Scripting vulnerability in Netsweeper 4.0.4
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
network | low complexity | netsweeper | CWE-79 | Risk: 6.1

2020-02-19 CVE-2014-9614 Use of Hard-coded Credentials vulnerability in Netsweeper
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
network | low complexity | netsweeper | CWE-798 | Risk: critical 9.8

2020-02-19 CVE-2014-9613 SQL Injection vulnerability in Netsweeper
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
network | low complexity | netsweeper | CWE-89 | Risk: critical 9.8

2020-02-19 CVE-2014-9612 SQL Injection vulnerability in Netsweeper
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
network | low complexity | netsweeper | CWE-89 | Risk: critical 9.8

2020-02-19 CVE-2014-9609 Path Traversal vulnerability in Netsweeper
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a ..
network | low complexity | netsweeper | CWE-22 | Risk: 5.3

2020-02-19 CVE-2014-9608 Cross-site Scripting vulnerability in Netsweeper
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network | low complexity | netsweeper | CWE-79 | Risk: 6.1

2020-02-19 CVE-2014-9607 Cross-site Scripting vulnerability in Netsweeper 4.0.3/4.0.4
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network | low complexity | netsweeper | CWE-79 | Risk: 6.1

2020-02-19 CVE-2014-9606 Cross-site Scripting vulnerability in Netsweeper
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
network | low complexity | netsweeper | CWE-79 | Risk: 6.1