95 matches found
GDPR 101: Monitoring & Maintaining Compliance After the Deadline
Discussions about the EU’s General Data Protection Regulation (GDPR) reached a crescendo on May 25, the compliance deadline, but many companies continue seeking guidance. The reason: A majority of companies missed the deadline, according to estimates from various sources, including Gartner, Crowd...
Spiceworks Desktop Cross-Site Scripting Vulnerability
Spiceworks Desktop is a suite of network device management and monitoring software for small and medium-sized businesses from Spiceworks USA. A cross-site scripting vulnerability exists in versions of Spiceworks Desktop prior to 2015-12-01. A remote attacker can exploit this vulnerability to...
CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response...
Code injection
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response...
CVE-2015-6021
Spiceworks Desktop is affected by CVE-2015-6021: before 2015-12-01, XSS via an SNMP response can execute script in a user’s browser session. Root cause: improper handling of SNMP responses leads to cross-site scripting. Exploitation details are not provided in the documents. Remediation/patch inf...
CVE-2015-6021
Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response...
Multiple Vulnerabilities in SpiceWorks 7.5 TFTP
SpiceWorks is a suite of network device management and monitoring software for small and medium-sized businesses from Spiceworks, Inc. A remote file overwrite and upload vulnerability exists in SpiceWorks 7.5 TFTP. A remote attacker can gain unauthorized access to the Spiceworks data configuratio...
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...
Design/Logic Flaw
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...
CVE-2017-7237
The connected sources confirm CVE-2017-7237 affects Spiceworks Inventory 7.5’s TFTP server. An unauthenticated TFTP service on UDP port 69 allows remote attackers to access the Spiceworks data\configurations directory via a WRQ operation, with the CNVD entry noting potential file overwrite/upload...
CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ aka Write reque...
SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload Vulnerability
Exploit for Windows platform in category remote exploits. Credits: John Page AKA HYP3RLINX. Vendor: www.spiceworks.com. Product: Spiceworks - 7.5. Provides network inventory and monitoring of all the devices on the network by discovering IP-addressable devices. ...
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
Credits: John Page AKA HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt. ISR: APPARITIONSEC. Vendor: www.spiceworks.com. Product: Spiceworks - 7.5. Provides...
SpiceWorks 7.5 TFTP - Remote File Overwrite Upload
Credits: John Page AKA HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt. ISR: APPARITIONSEC. Vendor: www.spiceworks.com...
SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload
Credits: John Page AKA HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt. ISR: APPARITIONSEC. Vendor: www.spiceworks.com. Product: Spiceworks - 7.5. Provides...
CVE-2012-2956
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to apiv2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS...
CVE-2012-6658
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different...
SQL injection
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to apiv2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different...