36 matches found
CVE-2023-37624
Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links...
PT-2023-26046 · Netdisco · Netdisco
Name of the Vulnerable Software and Affected Versions: Netdisco versions prior to 2.063000 Description: The issue allows an attacker to redirect users to arbitrary web URLs by tricking victim users into clicking on crafted links. Recommendations: For versions prior to 2.063000, update to version...
CVE-2023-37623
Netdisco before v2.063000 was discovered to contain a cross-site scripting XSS vulnerability via the component /Web/TypeAhead.pm...
CVE-2023-37623
Netdisco (affected product) prior to version 2.063000 contains a cross-site scripting (XSS) vulnerability in the /Web/TypeAhead.pm component. The root cause is an XSS flaw in that module, enabling an attacker to inject a script that could affect a user’s browser session. The CVE-2023-37623 entry ...
CVE-2023-37623
Netdisco before v2.063000 was discovered to contain a cross-site scripting XSS vulnerability via the component /Web/TypeAhead.pm...
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco
Description Session cookie dancer.session is not marked with 'Secure' Proof of Concept 1. Go to demo page https://netdisco2-demo.herokuapp.com, the page will automatically logs in as guest 2. Open Firefox developer and see that the cookie dancer.session is not marked with 'Secure'...
CVE-2019-15810
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
CVE-2019-15810
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
Design/Logic Flaw
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
CVE-2019-15810
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter...
CVE-2019-15810
The CVE-2019-15810 entry concerns Netdisco 2.042010, where insufficient sanitization during the device search allows a reflected XSS via manipulation of a URL parameter. The root cause is inadequate input sanitization in the search path; the impact is a reflected cross-site scripting vulnerabilit...
CVE-2008-5379
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the 1 netdisco-mibs-install and 2 netdisco-mibs-download scripts...
CVE-2008-5379
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the 1 netdisco-mibs-install and 2 netdisco-mibs-download scripts...
Code injection
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the 1 netdisco-mibs-install and 2 netdisco-mibs-download scripts...
CVE-2008-5379
Summary: CVE-2008-5379 affects netdisco-mibs-installer 1.0. A local attacker can exploit a symlink attack on the temporary file /tmp/netdisco-mibs-0.6.tar.gz to overwrite arbitrary files, related to the netdisco-mibs-install and netdisco-mibs-download scripts. The vulnerability is labeled as loca...
CVE-2008-5379
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the 1 netdisco-mibs-install and 2 netdisco-mibs-download scripts...