153 matches found
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2012-3859
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447...
CVE-2012-2446
Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...
CVE-2012-2447
Cross-site request forgery CSRF vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action...
CVE-2025-25497
An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...
CVE-2025-25497
An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...
CVE-2025-25497
CVE-2025-25497 concerns Netsweeper Server prior to 8.2.7. The issue lies in the account management interface where client-side restrictions and missing server-side validation allow unauthorized changes to the "Account Owner" field, enabling account ownership reassignment to or away from any user....
CVE-2025-25497
An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...
CVE-2025-25497
An issue in account management interface in Netsweeper Server v.8.2.6 and earlier fixed in v.8.2.7 allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of server-side validation. This vulnerability enables account ownership reassignment to or aw...
Netsweeper 安全漏洞
Netsweeper is a web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper v.8.2.6 and prior versions that stems from a lack of server-side authentication in the account management interface, which could lead to unauthorized reassignment of account...
Netsweeper Privilege Escalation
Netsweeper allows for unauthorized changes to the account owner field due to a lack of server-side controls. Patched in NS1271GA. Description: Netsweeper's account management interface allows unauthorized changes to the "Account Owner" field due to client-side-only restrictions and a lack of...
VulnCheck KEV: CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
Netsweeper Injection Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in the /webadmin/tools/unixlogin.php script in Netsweeper versions 6.4.3 and earlier. An attacker could exploit the vulnerability to execute code...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
Design/Logic Flaw
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters...
CVE-2020-13167
Affected software: Netsweeper WebAdmin (Web content filtering) up to version 6.4.3. Vulnerability type & root cause: unauthenticated remote code execution via webadmin/tools/unixlogin.php where, with certain Referer headers, the command line is invoked with client-supplied parameters allowing she...
CVE-2020-13167
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php with certain Referer headers launches a command line with client-supplied parameters, and allows injection of shell metacharacters. Recent assessments: wvu-r7 at May 21, 2020 5:51am UTC...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...