Lucene search
K

153 matches found

Prion
Prion
added 2020/02/19 8:15 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 server parameter to remotereporter/loadlogfiles.php, 2 customctid parameter to...

4.3CVSS6.1AI score0.04292EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 8:2 p.m.24 views

CVE-2014-9617

Open redirect vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...

6.2AI score0.08013EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 8:2 p.m.95 views

CVE-2014-9617

Open redirect vulnerability in Netsweeper’s remotereporter/load_logfiles.php reported as CVE-2014-9617. Affected software: Netsweeper (notably 3.0.6 and versions prior to 4.0.5). The flaw allows remote attackers to redirect users to arbitrary websites via the url parameter, enabling phishing scen...

6.1CVSS6.2AI score0.08013EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:59 p.m.29 views

CVE-2014-9615

Cross-site scripting XSS vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php...

6.1AI score0.03705EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 7:59 p.m.98 views

CVE-2014-9615

Netsweeper 4.0.4 is affected by a cross-site scripting (XSS) vulnerability via the url parameter to webadmin/deny/index.php. The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to script execution in the victim’s browser. The Nuclei template confirms this...

6.1CVSS6AI score0.03705EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:56 p.m.26 views

CVE-2014-9614

The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/...

9.4AI score0.66638EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 7:56 p.m.78 views

CVE-2014-9614

CVE-2014-9614 (Netsweeper) affects the Web Panel prior to version 4.0.5, where the branding account uses a default password of 'branding'. This allows remote attackers to access the system by targeting the webadmin/ interface. The NUCLEI template confirms the issue and describes impact as unautho...

9.8CVSS9.3AI score0.66638EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/02/19 7:53 p.m.68 views

CVE-2014-9613

CVE-2014-9613 affects Netsweeper prior to 2.6.29.10. The vulnerability is SQL injection in two parameters: (1) login parameter to webadmin/auth/verification.php and (2) dpid parameter to webadmin/deny/index.php. Exploitation details in connected records indicate that an unauthenticated remote att...

9.8CVSS10AI score0.04064EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:53 p.m.23 views

CVE-2014-9613

Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the 1 login parameter to webadmin/auth/verification.php or 2 dpid parameter to webadmin/deny/index.php...

10AI score0.04064EPSS
Exploits3References1
Cvelist
Cvelist
added 2020/02/19 7:51 p.m.26 views

CVE-2014-9612

SQL injection vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter...

10AI score0.04872EPSS
Exploits3References1
CVE
CVE
added 2020/02/19 7:51 p.m.80 views

CVE-2014-9612

CVE-2014-9612 affects Netsweeper’s remotereporter/load_logfiles.php with an SQL injection via the server parameter. Concrete details across connected sources show affected versions: 3.1.10 and earlier 4.0.x before 4.0.9, and 4.1.x before 4.1.2 are vulnerable to remote SQL commands. The vulnerabil...

9.8CVSS10AI score0.04872EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2020/02/19 7:47 p.m.84 views

CVE-2014-9609

CVE-2014-9609 describes a directory traversal flaw in Netsweeper’s webadmin/reporter/view_server_log.php, exploitable via a .. in the log parameter under a stats action to list directory contents. Affected versions include Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. Reme...

5.3CVSS5.2AI score0.10619EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:47 p.m.21 views

CVE-2014-9609

Directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. dot dot in the log parameter in a stats action...

5.2AI score0.10619EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/19 7:43 p.m.20 views

CVE-2014-9608

Cross-site scripting XSS vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

6.1AI score0.03939EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 7:43 p.m.78 views

CVE-2014-9608

Netsweeper is affected by an XSS in webadmin/policy/group_table_ajax.php/ across multiple tracked versions: before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. The issue stems from insufficient validation of client-side data via PATH_INFO, enabling remote attackers to inject arbitrary web ...

6.1CVSS6AI score0.03939EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:39 p.m.25 views

CVE-2014-9607

Cross-site scripting XSS vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

6.1AI score0.05452EPSS
Exploits1References1
CVE
CVE
added 2020/02/19 7:39 p.m.87 views

CVE-2014-9607

CVE-2014-9607 describes a cross-site scripting (XSS) vulnerability in Netsweeper’s remotereporter/load_logfiles.php used by version 4.0.3 and 4.0.4. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially executing code in the context of the tar...

6.1CVSS6AI score0.05452EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/02/19 7:37 p.m.86 views

CVE-2014-9606

Netsweeper CVE-2014-9606 involves multiple XSS vulnerabilities in Netsweeper releases: 3.1.10 and older 4.0.x (before 4.0.9) and 4.1.x (before 4.1.2). The XSS can be triggered by specially crafted inputs in five vectors: (1) server parameter to remotereporter/load_logfiles.php, (2) customctid to ...

6.1CVSS6AI score0.04292EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/02/19 7:37 p.m.29 views

CVE-2014-9606

Multiple cross-site scripting XSS vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 server parameter to remotereporter/loadlogfiles.php, 2 customctid parameter to...

6.1AI score0.04292EPSS
Exploits1References1
CNVD
CNVD
added 2017/09/26 12:0 a.m.16 views

Netsweeper Information Disclosure Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker could exploit the vulnerability to obtain sensitive information...

7.5CVSS7.5AI score0.02447EPSS
Exploits1References1
Rows per page
Query Builder