9 matches found
CVE-2013-3511
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2013-3502
monarchscan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie...
Design/Logic Flaw
The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a 1 log file or 2 configuration file...
Authorization
The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspecified vectors, as demonstrated by reading credentials...
CVE-2013-3511
The connected documents confirm an open redirect vulnerability in the NeDi component of GroundWork Monitor Enterprise 6.7.0. Impact described as attackers redirecting users to arbitrary sites, enabling phishing via unspecified vectors. No concrete remediation steps or affected version details bey...
CVE-2013-3499
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header...
CVE-2013-3511
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2013-3506
GroundWork Monitor Enterprise 6.7.0 (Performance component: perfchart.cgi) is vulnerable to remote command execution via Server Side Includes (SSI). The flaw stems from not properly restricting XML content, allowing an attacker to craft a .shtml file and leverage SSI to run arbitrary commands. No...
CVE-2013-3508
The CVE-2013-3508 entry affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The vulnerability exists in html/System-Files.php within the System File Overview feature, allowing remote authenticated users to execute arbitrary commands via vectors involving file editing. Base score is 6.5 ...