Vulnerabilities > Netsweeper > Netsweeper

DATE CVE VULNERABILITY TITLE RISK
2020-05-19 CVE-2020-13167 Injection vulnerability in Netsweeper
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
network
low complexity
netsweeper CWE-74
7.5
2020-02-19 CVE-2014-9617 Open Redirect vulnerability in Netsweeper
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
5.8
2020-02-19 CVE-2014-9615 Cross-site Scripting vulnerability in Netsweeper 4.0.4
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
network
netsweeper CWE-79
4.3
2020-02-19 CVE-2014-9614 Use of Hard-coded Credentials vulnerability in Netsweeper
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
network
low complexity
netsweeper CWE-798
7.5
2020-02-19 CVE-2014-9613 SQL Injection vulnerability in Netsweeper
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
network
low complexity
netsweeper CWE-89
7.5
2020-02-19 CVE-2014-9612 SQL Injection vulnerability in Netsweeper
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
network
low complexity
netsweeper CWE-89
7.5
2020-02-19 CVE-2014-9609 Path Traversal vulnerability in Netsweeper
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a ..
network
low complexity
netsweeper CWE-22
5.0
2020-02-19 CVE-2014-9608 Cross-site Scripting vulnerability in Netsweeper
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network
netsweeper CWE-79
4.3
2020-02-19 CVE-2014-9607 Cross-site Scripting vulnerability in Netsweeper 4.0.3/4.0.4
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network
netsweeper CWE-79
4.3
2020-02-19 CVE-2014-9606 Cross-site Scripting vulnerability in Netsweeper
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
network
netsweeper CWE-79
4.3