Lucene search
K

227 matches found

NVD
NVD
added 2021/02/12 9:15 p.m.25 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

8.8CVSS0.0149EPSS
Exploits1References1
NVD
NVD
added 2021/02/12 9:15 p.m.26 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

8.8CVSS0.01227EPSS
Exploits1References1
OSV
OSV
added 2021/02/12 9:15 p.m.4 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

8.8CVSS7.4AI score0.01227EPSS
Exploits1References1
Prion
Prion
added 2021/02/12 9:15 p.m.18 views

Sql injection

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

4CVSS8.8AI score0.01227EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/02/12 9:15 p.m.18 views

Design/Logic Flaw

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

6.5CVSS8.6AI score0.0149EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/02/12 9:15 p.m.19 views

Code injection

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

6.5CVSS9.2AI score0.0115EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/02/12 8:35 p.m.75 views

CVE-2021-26751

CVE-2021-26751 affects NeDi 1.9C. An authenticated user can exploit a SQL Injection in the Monitoring History endpoint (/Monitoring-History.php) via the det HTTP GET parameter, enabling access to all data in the database and potentially compromising the NeDi application. NVD reports CVSS-2.0 base...

8.8CVSS9.2AI score0.01227EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/02/12 8:35 p.m.25 views

CVE-2021-26751

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...

9.5AI score0.01227EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/02/12 8:35 p.m.37 views

CVE-2021-26752

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

9.3AI score0.0149EPSS
Exploits1References1
CVE
CVE
added 2021/02/12 8:35 p.m.84 views

CVE-2021-26752

CVE-2021-26752 affects NeDi 1.9C. An authenticated user can perform OS command injection in the Nodes Traffic function via the md or ag HTTP GET parameter on /Nodes-Traffic.php, enabling execution of OS commands and access to the underlying operating system and all application data. Root cause ap...

8.8CVSS9AI score0.0149EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/02/12 8:35 p.m.90 views

CVE-2021-26753

CVE-2021-26753 affects NeDi 1.9C. An authenticated user can inject PHP code via the txt HTTP POST parameter to /System-Files.php, enabling code execution and access to the underlying OS and all application data. Connected sources confirm the vulnerability details; no remediation steps are provide...

9.9CVSS9.2AI score0.0115EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/02/12 8:35 p.m.35 views

CVE-2021-26753

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...

9.5AI score0.0115EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/02/12 12:0 a.m.6 views

Nedi Consulting NeDi 代码注入漏洞

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...

9.9CVSS7.4AI score0.0115EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/02/12 12:0 a.m.7 views

Nedi Consulting NeDi SQL注入漏洞

NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. A SQL injection vulnerability exists in the Monitoring History function in endpoint /Monitoring-History.php in NeDi 1.9C. An attacker can exploit this vulnerability to access...

8.8CVSS7.4AI score0.01227EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/09 12:0 a.m.2 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi version 1.9C in pwsec.php, which can be exploited by attackers to conduct xss attacks...

5.4CVSS6.2AI score0.0055EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/11/04 12:0 a.m.17 views

NeDi <= 1.9C Multiple XSS Vulnerabilities

NeDi is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

6.1AI score
Exploits0References2
NVD
NVD
added 2020/11/02 10:15 p.m.24 views

CVE-2020-23868

NeDi 1.9C allows inc/rt-popup.php d XSS...

5.4CVSS5.6AI score0.00525EPSS
Exploits1References1
OSV
OSV
added 2020/11/02 10:15 p.m.4 views

CVE-2020-23868

NeDi 1.9C allows inc/rt-popup.php d XSS...

5.4CVSS6.1AI score0.00525EPSS
Exploits1References1
NVD
NVD
added 2020/11/02 10:15 p.m.20 views

CVE-2020-23989

NeDi 1.9C allows pwsec.php oid XSS...

5.4CVSS5.6AI score0.0055EPSS
Exploits1References1
OSV
OSV
added 2020/11/02 10:15 p.m.5 views

CVE-2020-23989

NeDi 1.9C allows pwsec.php oid XSS...

5.4CVSS6.1AI score0.0055EPSS
Exploits1References1
Rows per page
Query Builder