Netsweeper » Netsweeper : Security Vulnerabilities, CVEs, (Gain Privilege)

CVE-2014-9618

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
Max CVSS
9.8
EPSS Score
3.43%
Published
2017-09-19
Updated
2017-09-29

CVE-2014-9611

Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
Max CVSS
9.8
EPSS Score
7.79%
Published
2017-09-19
Updated
2017-09-27

CVE-2014-9605

WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
Max CVSS
9.4
EPSS Score
0.24%
Published
2015-09-04
Updated
2019-02-01
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close