Lansweeper Unauthenticated SQL Injection

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. id: CVE-2019-13462 info: name: Lansweeper Unauthenticated SQL Injection author: divyamudgal severity: critical description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. impact: | This vulnerability can lead to...

EUVD-2015-9106

Malware in sbrugna...

EUVD-2020-5899

Malware in sbrugna...

EUVD-2019-8623

Malware in sbrugna...

EUVD-2017-5223

Malware in sbrugna...

EUVD-2017-8015

Malware in sbrugna...

EUVD-2017-18228

Malware in sbrugna...

EUVD-2022-33848

Malicious code in bioql PyPI...

EUVD-2022-26391

Malicious code in bioql PyPI...

EUVD-2022-35639

Malicious code in bioql PyPI...

EUVD-2022-33145

Malicious code in bioql PyPI...

EUVD-2022-35829

Malicious code in bioql PyPI...

CVE-2020-14011

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features...

CVE-2020-13658

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application...

CVE-2019-18955

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019...

CVE-2019-13462

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection...

VulnCheck KEV: CVE-2019-13462

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection...

Lansweeper Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lansweeper Credential Collector', 'Description' = %q Lansweeper stores the credentials it uses to scan the computers in its Microsoft SQL databas...

CVE-2022-32763

A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2022-27498

CVE-2022-27498 is a directory traversal vulnerability in Lansweeper 10.1.1.0, exposed through TicketTemplateActions.aspx GetTemplateAttachment. The vulnerability allows an attacker to read arbitrary files via a crafted HTTP request by manipulating fileuid and bypassing path restrictions, as demon...