227 matches found
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload any system commands that contains shell metacharacters via a POST request with a pw parameter. This can also be...
CVE-2020-15033
NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter...
CVE-2013-3501
Multiple cross-site scripting XSS vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the foundation-webapp/admin/ directory, 2 the NeDi component, or 3 the Noma component...
CVE-2013-3511
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...
Nedi Consulting Nedi User Enumeration Vulnerability
Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
Design/Logic Flaw
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-40895
CVE-2022-40895 affects NeDi’s web UI login and Community login, where an insecure design in the forgot-password flow enables unauthenticated, remote user enumeration and brute-force attempts against valid usernames. Reported impact is integrity compromise for affected devices; attack vector is ne...
Nedi Consulting Nedi 安全漏洞
Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...
PT-2022-25613 · Nedi · Nedi
Name of the Vulnerable Software and Affected Versions: NeDi versions 1.0.7 and earlier Description: A vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. This is due t...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
NeDi OS Command Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...
NeDi PHP Code Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
NeDi SQL Injection Vulnerability (CNVD-2021-22163)
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. A SQL injection vulnerability exists in the Monitoring History function in endpoint /Monitoring-History.php in NeDi 1.9C. An attacker can exploit this vulnerability to access...
NeDi <= 1.9C, 2.0 Multiple Vulnerabilities
NeDi is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribu...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...