Lucene search
K

227 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:20 p.m.7 views

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...

6.1CVSS6AI score0.03442EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:0 p.m.7 views

CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a pw parameter. This can also be...

9CVSS7.1AI score0.03681EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:14 p.m.6 views

CVE-2020-15033

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter...

5.4CVSS6.1AI score0.00557EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 a.m.6 views

CVE-2013-3501

Multiple cross-site scripting XSS vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the foundation-webapp/admin/ directory, 2 the NeDi component, or 3 the Noma component...

4.3CVSS5.9AI score0.01333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:42 a.m.6 views

CVE-2013-3511

Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS7.2AI score0.01341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:42 a.m.7 views

CVE-2013-3508

html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...

6.5CVSS7.5AI score0.01969EPSS
Exploits0References1
CNVD
CNVD
added 2022/10/10 12:0 a.m.27 views

Nedi Consulting Nedi User Enumeration Vulnerability

Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...

9.1CVSS9.2AI score0.01534EPSS
Exploits1References1
NVD
NVD
added 2022/10/06 6:16 p.m.17 views

CVE-2022-40895

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...

9.1CVSS0.01534EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/10/06 6:16 p.m.4 views

CVE-2022-40895

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...

9.1CVSS7.4AI score0.01534EPSS
Exploits1References4
OSV
OSV
added 2022/10/06 6:16 p.m.5 views

CVE-2022-40895

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...

9.1CVSS5.8AI score0.01534EPSS
Exploits1References3
Prion
Prion
added 2022/10/06 6:16 p.m.15 views

Design/Logic Flaw

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...

6.4CVSS9.1AI score0.01534EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/10/06 12:0 a.m.63 views

CVE-2022-40895

CVE-2022-40895 affects NeDi’s web UI login and Community login, where an insecure design in the forgot-password flow enables unauthenticated, remote user enumeration and brute-force attempts against valid usernames. Reported impact is integrity compromise for affected devices; attack vector is ne...

9.1CVSS9.2AI score0.01534EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.5 views

Nedi Consulting Nedi 安全漏洞

Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...

9.1CVSS6.8AI score0.01534EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.8 views

PT-2022-25613 · Nedi · Nedi

Name of the Vulnerable Software and Affected Versions: NeDi versions 1.0.7 and earlier Description: A vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. This is due t...

9.1CVSS9.1AI score0.01534EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/10/06 12:0 a.m.21 views

CVE-2022-40895

In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...

9.4AI score0.01534EPSS
Exploits1References3
CNVD
CNVD
added 2021/02/20 12:0 a.m.6 views

NeDi OS Command Injection Vulnerability

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...

8.8CVSS7.8AI score0.0149EPSS
Exploits1References1
CNVD
CNVD
added 2021/02/20 12:0 a.m.8 views

NeDi PHP Code Injection Vulnerability

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...

9.9CVSS7.5AI score0.0115EPSS
Exploits1References1
CNVD
CNVD
added 2021/02/20 12:0 a.m.5 views

NeDi SQL Injection Vulnerability (CNVD-2021-22163)

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. A SQL injection vulnerability exists in the Monitoring History function in endpoint /Monitoring-History.php in NeDi 1.9C. An attacker can exploit this vulnerability to access...

8.8CVSS7.9AI score0.01227EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/02/17 12:0 a.m.21 views

NeDi <= 1.9C, 2.0 Multiple Vulnerabilities

NeDi is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...

9.9CVSS8.9AI score0.0149EPSS
Exploits3References2
NVD
NVD
added 2021/02/12 9:15 p.m.30 views

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

9.9CVSS0.0115EPSS
Exploits1References1
Rows per page
Query Builder