227 matches found
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
Sql injection
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
Design/Logic Flaw
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
Code injection
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26751
CVE-2021-26751 affects NeDi 1.9C. An authenticated user can exploit a SQL Injection in the Monitoring History endpoint (/Monitoring-History.php) via the det HTTP GET parameter, enabling access to all data in the database and potentially compromising the NeDi application. NVD reports CVSS-2.0 base...
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an attacker to access all the data in the database and obtain access to the NeDi application...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26752
CVE-2021-26752 affects NeDi 1.9C. An authenticated user can perform OS command injection in the Nodes Traffic function via the md or ag HTTP GET parameter on /Nodes-Traffic.php, enabling execution of OS commands and access to the underlying operating system and all application data. Root cause ap...
CVE-2021-26753
CVE-2021-26753 affects NeDi 1.9C. An authenticated user can inject PHP code via the txt HTTP POST parameter to /System-Files.php, enabling code execution and access to the underlying OS and all application data. Connected sources confirm the vulnerability details; no remediation steps are provide...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
Nedi Consulting NeDi 代码注入漏洞
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
Nedi Consulting NeDi SQL注入漏洞
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. A SQL injection vulnerability exists in the Monitoring History function in endpoint /Monitoring-History.php in NeDi 1.9C. An attacker can exploit this vulnerability to access...
NeDi Consulting NeDi Cross-Site Scripting Vulnerability
NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi version 1.9C in pwsec.php, which can be exploited by attackers to conduct xss attacks...
NeDi <= 1.9C Multiple XSS Vulnerabilities
NeDi is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2020-23868
NeDi 1.9C allows inc/rt-popup.php d XSS...
CVE-2020-23868
NeDi 1.9C allows inc/rt-popup.php d XSS...
CVE-2020-23989
NeDi 1.9C allows pwsec.php oid XSS...
CVE-2020-23989
NeDi 1.9C allows pwsec.php oid XSS...