12 matches found
CVE-2023-27312
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
Code injection
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
CVE-2023-27312 Privilege Escalation Vulnerability in SnapCenter Plugin for VMware vSphere
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...
NetApp SnapCenter Security Vulnerability
NetApp SnapCenter is a suite of applications from NetApp, Inc. that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in the NetApp SnapCenter Plugin for VMware vSphere, versions 4.6 prior to 4.9, that originates from...
cypress-image-snapshot path traversal vulnerability
cypress-image-snapshot is an image snapshot plugin from the individual developer Simon Smith. A path traversal vulnerability exists in cypress-image-snapshot, which stems from a vulnerability that could allow a user to pass a relative file path as a snapshot name and access machines outside of th...
PT-2023-6177 · Netapp · Snapcenter Plugin For Vmware Vsphere
Name of the Vulnerable Software and Affected Versions: SnapCenter Plugin for VMware vSphere versions 4.6 through 4.8 Description: The issue is related to insufficient access control in the SnapCenter Plugin for VMware vSphere, which may allow authenticated unprivileged users to modify email and...
VulnCheck KEV: CVE-2017-11512
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...
Nagios Log Server Cross-Site Scripting Vulnerability (CNVD-2021-05455)
Nagios Log Server is a set of centralized log management, monitoring and analysis software from Nagios, Inc. Nagios Log Server version 2.1.7 has a cross-site scripting vulnerability. The vulnerability stems from the snapshotname parameter of the nagioslogserver configuration not being filtered for user input, an...
CVE-2020-25385
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/createsnapshot through the snapshotname parameter, which may impact users who open a maliciously crafted link or third-party web page...
Nagios Log Server Cross-Site Scripting Vulnerability
Nagios Log Server is a set of centralized log management, monitoring and analysis software from Nagios, Inc. Nagios Log Server version 2.1.7 has a cross-site scripting vulnerability. The vulnerability stems from the snapshotname parameter of the nagioslogserver configuration not being filtered for user input, an...
CVE-2017-15125
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CS...
CVE-2017-11512
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files...