Vulnerabilities > Netsweeper > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2020-02-19 | CVE-2014-9617 | Open Redirect vulnerability in Netsweeper | 6.1
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
network | low complexity | netsweeper | CWE-601

2020-02-19 | CVE-2014-9615 | Cross-site Scripting vulnerability in Netsweeper 4.0.4 | 6.1
Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.
network | low complexity | netsweeper | CWE-79

2020-02-19 | CVE-2014-9609 | Path Traversal vulnerability in Netsweeper | 5.3
Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a ..
network | low complexity | netsweeper | CWE-22

2020-02-19 | CVE-2014-9608 | Cross-site Scripting vulnerability in Netsweeper | 6.1
Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network | low complexity | netsweeper | CWE-79

2020-02-19 | CVE-2014-9607 | Cross-site Scripting vulnerability in Netsweeper 4.0.3/4.0.4 | 6.1
Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
network | low complexity | netsweeper | CWE-79

2020-02-19 | CVE-2014-9606 | Cross-site Scripting vulnerability in Netsweeper | 6.1
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
network | low complexity | netsweeper | CWE-79

2017-09-19 | CVE-2014-9610 | Permissions, Privileges, and Access Controls vulnerability in Netsweeper | 5.3
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
network | low complexity | netsweeper | CWE-264