175 matches found
PT-2022-19673 · Unknown · Lansweeper
Name of the Vulnerable Software and Affected Versions: Lansweeper version 10.1.1.0 Description: A directory traversal issue exists in the HelpdeskActions.aspx edittemplate functionality. This can be triggered by a specially-crafted HTTP request, potentially leading to arbitrary file upload. An...
Vulnerabilities fixed in Lansweeper
Vulnerabilities have been fixed in Lansweeper. The vulnerabilities allow a malicious party to access sensitive data and to execute arbitrary code execute arbitrary code under administrator/root privileges. The vulnerabilities marked CVE-2022-32573 and CVE-2022-29517 are exploited by sending a rog...
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Marcin Icewall Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and...
Lansweeper 路径遍历漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A path traversal vulnerability exists in Lansweeper version 10.1.1.0, which stems from the presence of a path than there, a specially crafted...
Lansweeper 跨站脚本漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A security vulnerability exists in Lansweeper version 10.1.1.0. An attacker can exploit the vulnerability to inject arbitrary Javascript code...
Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1528 Lansweeper lansweeper AssetActions.aspx directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-32573 SUMMARY A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A...
Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1530 Lansweeper lansweeper KnowledgebasePageActions.aspx ImportArticles directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-29511 SUMMARY A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles...
Lansweeper 跨站脚本漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A security vulnerability exists in Lansweeper version 10.1.1.0, which stems from the presence of stored cross-site scripting, where a special...
Lansweeper 路径遍历漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A path traversal vulnerability exists in Lansweeper AssetActions. An attacker could exploit this vulnerability to upload arbitrary files via ...
Lansweeper 路径遍历漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A path traversal vulnerability exists in Lansweeper version 10.1.1.0, which stems from the presence of a path than there, a specially crafted...
Lansweeper lansweeper TicketTemplateActions.aspx GetTemplateAttachment directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1531 Lansweeper lansweeper TicketTemplateActions.aspx GetTemplateAttachment directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-27498 SUMMARY A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment...
Lansweeper lansweeper HelpdeskActions.aspx edittemplate directory traversal vulnerability
Talos Vulnerability Report TALOS-2022-1529 Lansweeper lansweeper HelpdeskActions.aspx edittemplate directory traversal vulnerability December 1, 2022 CVE Number CVE-2022-29517 SUMMARY A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper...
Lansweeper 路径遍历漏洞
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. A path traversal vulnerability exists in Lansweeper version 10.1.1.0, which stems from the presence of directory traversal, where a specially...
Lansweeper lansweeper SanitizeHtml cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2022-1541 Lansweeper lansweeper SanitizeHtml cross-site scripting XSS vulnerability December 1, 2022 CVE Number CVE-2022-32763 SUMMARY A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper...
Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability
Talos Vulnerability Report TALOS-2022-1532 Lansweeper lansweeper HdConfigActions.aspx altertextlanguages stored cross-site scripting vulnerability December 1, 2022 CVE Number CVE-2022-28703 SUMMARY A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages...
Lansweeper SQL Injection (CVE-2022-21210)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Lansweeper SQL Injection (CVE-2022-21234)
An SQL injection vulnerability exists in Lansweeper. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery, network settings scanning, etc. A cross-site scripting vulnerability exists in Lansweeper 9.1.20.2, which stems from a failure to adequately clean user-supplied data in...
Lansweeper WebUserActions Cross-Site Scripting (CVE-2022-21145)
A stored cross-site scripting vulnerability exists in Lansweeper. The vulnerability is due to insufficient sanitization of the loginmessage and loginfootertext parameters...
CVE-2022-22149
A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...