Vulnerabilities > Netsweeper > Netsweeper > 3.1.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-13167 | OS Command Injection vulnerability in Netsweeper Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. | 9.8 |
| 2020-02-19 | CVE-2014-9617 | Open Redirect vulnerability in Netsweeper Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | 6.1 |
| 2020-02-19 | CVE-2014-9614 | Use of Hard-coded Credentials vulnerability in Netsweeper The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. | 9.8 |
| 2017-09-19 | CVE-2014-9611 | Improper Authentication vulnerability in Netsweeper Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 9.8 |