Vulnerabilities > Spiceworks

DATE CVE VULNERABILITY TITLE RISK
2023-11-09 CVE-2021-43609 SQL Injection vulnerability in Spiceworks Help Desk Server
An issue was discovered in Spiceworks Help Desk Server before 1.3.3.
network
low complexity
spiceworks CWE-89
8.8
2020-12-18 CVE-2020-25901 Open Redirect vulnerability in Spiceworks 7.5.7.0
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
network
low complexity
spiceworks CWE-601
6.1
2020-09-15 CVE-2020-23451 Cross-Site Request Forgery (CSRF) vulnerability in Spiceworks
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
network
low complexity
spiceworks CWE-352
8.8
2020-09-01 CVE-2020-23450 Cross-site Scripting vulnerability in Spiceworks
Spiceworks Version <= 7.5.00107 is affected by XSS.
network
low complexity
spiceworks CWE-79
5.4
2017-04-10 CVE-2015-6021 Cross-site Scripting vulnerability in Spiceworks Desktop
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response.
network
low complexity
spiceworks CWE-79
6.1
2017-04-06 CVE-2017-7237 Unspecified vulnerability in Spiceworks 7.5
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
network
low complexity
spiceworks
critical
9.8