44 matches found
Exploit for Observable Discrepancy in Netadmin Netadmin_Iam
Exploit Title: CVE-2024-9513 - NetAdmin IAM Allows User Enumer...
CVE-2024-51026
The NetAdmin IAM system version 4.0.30319 has a Cross-Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...
NetAdmin IAM security vulnerability
NetAdmin IAM is an application from NetAdmin, Inc. A security vulnerability exists in NetAdmin IAM version 4.0.30319 that stems from a cross-site scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint...
CVE-2024-51026
The NetAdmin IAM system version 4.0.30319 has a Cross-Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...
CVE-2024-51026
CVE-2024-51026 affects NetAdmin IAM system v4.0.30319. The vulnerability is a Cross Site Scripting (XSS) issue in the /BalloonSave.ashx endpoint, where an attacker can inject a payload into the Content field. Affected component: BalloonSave.ashx handling in NetAdmin IAM; root cause: unsanitized C...
PT-2024-34493 · Unknown · Netadmin Iam System
Name of the Vulnerable Software and Affected Versions: NetAdmin IAM system version 4.0.30319. Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It affects the "/BalloonSave.ashx" endpoint, where a malicious payload can be injected into the Content field. Recommendations: Fo...
CVE-2024-51026
The NetAdmin IAM system version 4.0.30319 has a Cross-Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...
CVE-2024-48955
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus. The return of this call is not encrypted, and as the system does not validate the session authorization, an attacker can copy the content of the browser of a use...
CVE-2024-48955
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus. The return of this call is not encrypted, and as the system does not validate the session authorization, an attacker can copy the content of the browser of a use...
CVE-2024-48955
CVE-2024-48955 affects NetAdmin 4.030319. The issue is broken access control: an endpoint that assembles functionality menus returns data unencrypted and does not validate session authorization, enabling an attacker to copy content from a higher-privilege user’s browser and access that user’s fun...
NetAdmin security vulnerability
NetAdmin is an open-source, general-purpose backend permissions management system and rapid development framework from nsnail. A security vulnerability exists in NetAdmin version 4.0.30319, which can be exploited to steal a valid session cookie and inject it into another device to grant unauthorized...
CVE-2024-48955
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus. The return of this call is not encrypted, and as the system does not validate the session authorization, an attacker can copy the content of the browser of a use...
CVE-2024-9513
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513
NetAdmin IAM (Netadmin Software) up to version 3.5 has a vulnerability in the HTTP POST Request Handler at /controller/api/Answer/ReturnUserQuestionsFilled. The issue arises from improper manipulation of the username parameter, causing information exposure via discrepancy. Impact is limited to co...
CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
CVE-2024-9513 Netadmin Software NetAdmin IAM HTTP POST Request ReturnUserQuestionsFilled information exposure
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUserQuestionsFilled of the component HTTP POST Request Handler. The manipulation of the argument...
NetAdmin IAM security vulnerability
NetAdmin IAM is an application from NetAdmin, Inc. A security vulnerability exists in NetAdmin IAM version 3.5 and prior versions, which stems from improper manipulation of the username parameter and can lead to information disclosure...
PT-2024-39671 · Netadmin · Netadmin Iam
Name of the Vulnerable Software and Affected Versions: Netadmin Software NetAdmin IAM versions up to 3.5. Description: A vulnerability was found in the HTTP POST Request Handler component, specifically affecting the /controller/api/Answer/ReturnUserQuestionsFilled file. The manipulation of the...
CVE-2022-20734
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerabilit...