CVE-2014-9611
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
Source: CVE-2014-9611
[월:] 2017년 09월
CVE-2014-8174
CVE-2014-8174
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
Source: CVE-2014-8174
CVE-2015-3432
CVE-2015-3432
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
Source: CVE-2015-3432
CVE-2017-10700
CVE-2017-10700
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
Source: CVE-2017-10700
CVE-2014-9610
CVE-2014-9610
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
Source: CVE-2014-9610
CVE-2014-6191
CVE-2014-6191
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
Source: CVE-2014-6191
CVE-2014-9616
CVE-2014-9616
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
Source: CVE-2014-9616
CVE-2014-9618
CVE-2014-9618
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
Source: CVE-2014-9618
CVE-2014-5362
CVE-2014-5362
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.
Source: CVE-2014-5362
CVE-2017-10931
CVE-2017-10931
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Source: CVE-2017-10931