Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi nedi vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-15017
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter.
Nedi Nedi 1.9c
6.5
CVSSv2
CVE-2018-20727
Multiple command injection vulnerabilities in NeDi prior to 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
Nedi Nedi
6.8
CVSSv2
CVE-2018-20728
A cross site request forgery (CSRF) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to escalate privileges via User-Management.php.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20729
A reflected cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via the reg parameter in mh.php.
Nedi Nedi
5
CVSSv2
CVE-2018-20730
A SQL injection vulnerability in NeDi prior to 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
Nedi Nedi
4.3
CVSSv2
CVE-2018-20731
A stored cross site scripting (XSS) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to inject arbitrary web script or HTML via User-Chat.php.
Nedi Nedi
4.3
CVSSv2
CVE-2013-3501
Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
4
CVSSv2
CVE-2013-3507
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context.
Gwos Groundwork Monitor 6.7.0
6.5
CVSSv2
CVE-2013-3510
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
6.5
CVSSv2
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.
Gwos Groundwork Monitor 6.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »