153 matches found
CVE-2014-9610
Netsweeper versions affected: before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. A remote attacker can bypass authentication and remove IP addresses from quarantine by supplying the ip parameter to webadmin/user/quarantine_disable.php. This is an authentication bypass vulnerability that a...
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL...
CVE-2014-9610
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantinedisable.php...
CVE-2014-9619
CVE-2014-9619 affects Netsweeper Webadmin: unrestricted file upload via webadmin/ajaxfilemanager/ajaxfilemanager.php. An authenticated admin can upload a file with a double extension and, by requesting it from webadmin/deny/images/, execute arbitrary PHP code (e.g., secuid0.php.gif). Affected ver...
Netsweeper WebUpgrade Authorization Issues Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper's WebUpgrade that stems from the webupgrade/webupgrade.php script failing to adequately filter the 'login' and 'password ' parameters. A remote attacker can exploit the vulnerabili...
CVE-2014-9605
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' single quote character in the login and password parameters to...
Sql injection
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' single quote character in the login and password parameters to...
CVE-2014-9605
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' single quote character in the login and password parameters to...
CVE-2014-9605
CVE-2014-9605 concerns Netsweeper WebUpgrade where insufficient filtering of the login/password inputs (single quote) allows remote attackers to bypass authentication in Netsweeper versions before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. Successful bypass enables actions such as creati...
Netsweeper 4.0.8 - Authentication Bypass
No description provided by source...
Netsweeper Detection (HTTP)
Detection of Netsweeper. This script performs a HTTP based detection of Netsweeper. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Netsweeper Multiple Vulnerabilities (Aug 2015)
Netsweeper is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netsweeper:netsweeper";...
Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)
Netsweeper 4.0.8 - Authentication Bypass via New Profile Creation +-----------------------------------------------------------------+ + Netsweeper 4.0.8 - Authentication Bypass New Profile Creation + +-----------------------------------------------------------------+ Affected Product: Netsweeper...
Netsweeper 3.0.6 - Authentication Bypass
Netsweeper 3.0.6 - Authentication Bypass +------------------------------------------------------------------------+ + Netsweeper 3.0.6 - Authentication Bypass Account and Policy Creation + +------------------------------------------------------------------------+ Affected Product: Netsweeper Vend...
Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)
Netsweeper 4.0.8 - Authentication Bypass via Disabling of IP Quarantine +-----------------------------------------------------------------------+ + Netsweeper 4.0.8 - Authentication Bypass Disabling of IP Quarantine + +-----------------------------------------------------------------------+...
Netsweeper 4.0.4 - SQL Injection
Netsweeper 4.0.4 - SQL Injection +----------------------------------+ + Netsweeper 4.0.4 - SQL Injection + +----------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com Version : 4.0.4 and probably other versions Discovered by : Anastasios Monachos secuid0...
Netsweeper 4.0.8 - Arbitrary File Upload Execution
Netsweeper 4.0.8 - Arbitrary File Upload Execution +--------------------------------------------------------+ + Netsweeper 4.0.8 - Arbitrary File Upload and Execution + +--------------------------------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com...
Netsweeper 4.0.9 - Arbitrary File Upload Execution
Netsweeper 4.0.9 - Arbitrary File Upload Execution +--------------------------------------------------------+ + Netsweeper 4.0.9 - Arbitrary File Upload and Execution + +--------------------------------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com...
Netsweeper 2.6.29.8 - SQL Injection
Netsweeper 2.6.29.8 - SQL Injection +-------------------------------------+ + Netsweeper 2.6.29.8 - SQL Injection + +-------------------------------------+ Affected Product: Netsweeper Vendor Homepage : www.netsweeper.com Version : 2.6.29.8 and probably other versions Discovered by : Anastasios...
Netsweeper 4.0.8 - SQL Injection Authentication Bypass
Netsweeper 4.0.8 - SQL Injection Authentication Bypass +----------------------------------------------------------------+ + Netsweeper 4.0.8 - SQL Injection Authentication Bypass Admin + +----------------------------------------------------------------+ Affected Product: Netsweeper Vendor Homepag...