Lucene search
K

153 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:15 p.m.11 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS8.3AI score0.95415EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 5:46 a.m.7 views

CVE-2012-3859

Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447...

10CVSS6.4AI score0.02917EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 a.m.6 views

CVE-2012-2446

Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...

4.3CVSS5.5AI score0.01058EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:5 a.m.7 views

CVE-2012-2447

Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...

6.8CVSS7.3AI score0.00675EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/03/08 1:22 a.m.14 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

8.1CVSS7AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2025/03/06 8:15 p.m.14 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

8.1CVSS0.00328EPSS
Exploits0References2
CVE
CVE
added 2025/03/06 12:0 a.m.58 views

CVE-2025-25497

CVE-2025-25497 concerns Netsweeper Server prior to 8.2.7. The issue lies in the account management interface where client-side restrictions and missing server-side validation allow unauthorized changes to the "Account Owner" field, enabling account ownership reassignment to or away from any user....

8.1CVSS7.1AI score0.00328EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/06 12:0 a.m.18 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

0.00328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/06 12:0 a.m.5 views

CVE-2025-25497

An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...

7.1AI score0.00328EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.4 views

Netsweeper 安全漏洞

Netsweeper is a web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper v.8.2.6 and prior versions that stems from a lack of server-side authentication in the account management interface, which could lead to unauthorized reassignment of account...

8.1CVSS6.8AI score0.00328EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/01/13 12:0 a.m.140 views

Netsweeper Privilege Escalation

Netsweeper allows for unauthorized changes to the account owner field due to a lack of server-side controls. Patched in NS1271GA. Description: Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of...

7.2AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2023/12/11 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS7.9AI score0.95415EPSS
Exploits2References1
CNVD
CNVD
added 2020/05/20 12:0 a.m.2 views

Netsweeper Injection Vulnerability

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in the /webadmin/tools/unixlogin.php script in Netsweeper versions 6.4.3 and earlier. An attacker could exploit the vulnerability to execute code...

9.8CVSS7AI score0.95415EPSS
Exploits2References1
NVD
NVD
added 2020/05/19 8:15 p.m.26 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS10AI score0.95415EPSS
Exploits2References1
OSV
OSV
added 2020/05/19 8:15 p.m.6 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

9.8CVSS7.8AI score0.95415EPSS
Exploits2References1
Prion
Prion
added 2020/05/19 8:15 p.m.20 views

Design/Logic Flaw

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

7.5CVSS10AI score0.95415EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/05/19 7:29 p.m.27 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...

10AI score0.95415EPSS
Exploits2References1
CVE
CVE
added 2020/05/19 7:29 p.m.89 views

CVE-2020-13167

Affected software: Netsweeper WebAdmin (Web content filtering) up to version 6.4.3. Vulnerability type & root cause: unauthenticated remote code execution via webadmin/tools/unixlogin.php where, with certain Referer headers, the command line is invoked with client-supplied parameters allowing she...

9.8CVSS10AI score0.95415EPSS
In wildExploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/05/19 12:0 a.m.23 views

CVE-2020-13167

Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. Recent assessments: wvu-r7 at May 21, 2020 5:51am UTC...

9.8CVSS5.3AI score0.95415EPSS
Exploits2References2
Metasploit
Metasploit
added 2020/05/12 1:34 p.m.168 views

Netsweeper WebAdmin unixlogin.php Python Code Injection

This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...

9.8CVSS9.9AI score0.95415EPSS
Exploits2
Rows per page
Query Builder