153 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 server parameter to remotereporter/loadlogfiles.php, 2 customctid parameter to...
CVE-2014-9617
Open redirect vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2014-9617
Open redirect vulnerability in Netsweeper’s remotereporter/load_logfiles.php reported as CVE-2014-9617. Affected software: Netsweeper (notably 3.0.6 and versions prior to 4.0.5). The flaw allows remote attackers to redirect users to arbitrary websites via the url parameter, enabling phishing scen...
CVE-2014-9615
Cross-site scripting XSS vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php...
CVE-2014-9615
Netsweeper 4.0.4 is affected by a cross-site scripting (XSS) vulnerability via the url parameter to webadmin/deny/index.php. The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to script execution in the victim’s browser. The Nuclei template confirms this...
CVE-2014-9614
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/...
CVE-2014-9614
CVE-2014-9614 (Netsweeper) affects the Web Panel prior to version 4.0.5, where the branding account uses a default password of 'branding'. This allows remote attackers to access the system by targeting the webadmin/ interface. The NUCLEI template confirms the issue and describes impact as unautho...
CVE-2014-9613
CVE-2014-9613 affects Netsweeper prior to 2.6.29.10. The vulnerability is SQL injection in two parameters: (1) login parameter to webadmin/auth/verification.php and (2) dpid parameter to webadmin/deny/index.php. Exploitation details in connected records indicate that an unauthenticated remote att...
CVE-2014-9613
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the 1 login parameter to webadmin/auth/verification.php or 2 dpid parameter to webadmin/deny/index.php...
CVE-2014-9612
SQL injection vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter...
CVE-2014-9612
CVE-2014-9612 affects Netsweeper’s remotereporter/load_logfiles.php with an SQL injection via the server parameter. Concrete details across connected sources show affected versions: 3.1.10 and earlier 4.0.x before 4.0.9, and 4.1.x before 4.1.2 are vulnerable to remote SQL commands. The vulnerabil...
CVE-2014-9609
CVE-2014-9609 describes a directory traversal flaw in Netsweeper’s webadmin/reporter/view_server_log.php, exploitable via a .. in the log parameter under a stats action to list directory contents. Affected versions include Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. Reme...
CVE-2014-9609
Directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. dot dot in the log parameter in a stats action...
CVE-2014-9608
Cross-site scripting XSS vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2014-9608
Netsweeper is affected by an XSS in webadmin/policy/group_table_ajax.php/ across multiple tracked versions: before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. The issue stems from insufficient validation of client-side data via PATH_INFO, enabling remote attackers to inject arbitrary web ...
CVE-2014-9607
Cross-site scripting XSS vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2014-9607
CVE-2014-9607 describes a cross-site scripting (XSS) vulnerability in Netsweeper’s remotereporter/load_logfiles.php used by version 4.0.3 and 4.0.4. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially executing code in the context of the tar...
CVE-2014-9606
Netsweeper CVE-2014-9606 involves multiple XSS vulnerabilities in Netsweeper releases: 3.1.10 and older 4.0.x (before 4.0.9) and 4.1.x (before 4.1.2). The XSS can be triggered by specially crafted inputs in five vectors: (1) server parameter to remotereporter/load_logfiles.php, (2) customctid to ...
CVE-2014-9606
Multiple cross-site scripting XSS vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 server parameter to remotereporter/loadlogfiles.php, 2 customctid parameter to...
Netsweeper Information Disclosure Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker could exploit the vulnerability to obtain sensitive information...