Netsweeper: >> Netsweeper >> 3.1.10 Security Vulnerabilities
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
CVSS Score
9.8
EPSS Score
0.931
Published
2020-05-19
Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVSS Score
6.1
EPSS Score
0.262
Published
2020-02-19
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
CVSS Score
9.8
EPSS Score
0.695
Published
2020-02-19
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVSS Score
9.8
EPSS Score
0.286
Published
2017-09-19
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
CVSS Score
10.0
EPSS Score
0.128
Published
2012-07-09
Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-07-09
Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action.
CVSS Score
6.8
EPSS Score
0.001
Published
2012-07-09