Vulnerabilities > Netsweeper > Netsweeper > 4.0.5

DATE CVE VULNERABILITY TITLE RISK
2020-05-19 CVE-2020-13167 Injection vulnerability in Netsweeper
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
network
low complexity
netsweeper CWE-74
7.5
2020-02-19 CVE-2014-9612 SQL Injection vulnerability in Netsweeper
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
network
low complexity
netsweeper CWE-89
7.5
2020-02-19 CVE-2014-9609 Path Traversal vulnerability in Netsweeper
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a ..
network
low complexity
netsweeper CWE-22
5.0
2020-02-19 CVE-2014-9608 Cross-site Scripting vulnerability in Netsweeper
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network
netsweeper CWE-79
4.3
2020-02-19 CVE-2014-9606 Cross-site Scripting vulnerability in Netsweeper
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
network
netsweeper CWE-79
4.3
2017-09-19 CVE-2014-9619 Unrestricted Upload of File with Dangerous Type vulnerability in Netsweeper
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
network
low complexity
netsweeper CWE-434
6.5
2017-09-19 CVE-2014-9618 Improper Authentication vulnerability in Netsweeper
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
network
low complexity
netsweeper CWE-287
7.5
2017-09-19 CVE-2014-9616 Information Exposure vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
network
low complexity
netsweeper CWE-200
5.0
2017-09-19 CVE-2014-9610 Permissions, Privileges, and Access Controls vulnerability in Netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
network
low complexity
netsweeper CWE-264
5.0
2015-09-04 CVE-2014-9605 Improper Authentication vulnerability in Netsweeper
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php.
network
low complexity
netsweeper CWE-287
critical
9.4