153 matches found
Netsweeper Information Disclosure Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9, and 4.1.x versions prior to 4.1.2. A remote attacker could exploit the vulnerability to obtain sensitive information...
Netsweeper Authentication Bypass Vulnerability
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in Netsweeper versions prior to 3.1.10, 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.2. A remote attacker can exploit this vulnerability by sending the 'ip' parameter to the...
Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30729)
Netsweeper is a Canadian company Netsweeper's set of Web content filtering solutions.Client Filter Admin portal is one of the filter management program. A security vulnerability exists in the Client Filter Admin portal in Netsweeper versions prior to 3.1.10, 4.0.x versions prior to 4.0.9 and 4.1....
Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30727)
Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in versions of Netsweeper prior to 4.0.5. A remote attacker can exploit this vulnerability by sending a request to the webadmin/nslam/index.php file to bypass authentication and create arbitrary...
Authentication flaw
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL...
Unrestricted file upload
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...
CVE-2014-9611
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php...
CVE-2014-9619
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...
Authentication flaw
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantinedisable.php...
CVE-2014-9616
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page...
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL...
Cross site request forgery (csrf)
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page...
CVE-2014-9610
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantinedisable.php...
Authentication flaw
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php...
CVE-2014-9616
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page...
CVE-2014-9619
CVE-2014-9619 affects Netsweeper Webadmin: unrestricted file upload via webadmin/ajaxfilemanager/ajaxfilemanager.php. An authenticated admin can upload a file with a double extension and, by requesting it from webadmin/deny/images/, execute arbitrary PHP code (e.g., secuid0.php.gif). Affected ver...
CVE-2014-9611
CVE-2014-9611 affects Netsweeper prior to 4.0.5. An unauthenticated remote attacker can bypass authentication via the request to webadmin/nslam/index.php and can create arbitrary user accounts and policies. This is evidenced by the CNVD-2017-30727 entry and the corroborating exploit references no...
CVE-2014-9616
CVE-2014-9616 affects Netsweeper versions prior to 3.1.10, 4.0.x prior to 4.0.9, and 4.1.x prior to 4.1.2. The issue allows remote attackers to obtain sensitive information by issuing a request that redirects to the deny page. Affected component/behavior is an information disclosure via misdirect...
CVE-2014-9611
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php...
CVE-2014-9619
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...