Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi nedi vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-23868
NeDi 1.9C allows inc/rt-popup.php d XSS.
Nedi Nedi 1.9c
9.9
CVSSv3
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an malicious user to obtain access to the operating system where NeDi is installed and to all application data.
Nedi Nedi 1.9c
8.8
CVSSv3
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw paramete...
Nedi Nedi 1.9c
8.8
CVSSv3
CVE-2021-26751
NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter. This allows an malicious user to access all the data in the database and obtain access to the NeDi applicat...
Nedi Nedi 1.9c
8.8
CVSSv3
CVE-2020-14412
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a p...
Nedi Nedi 1.9c
6.1
CVSSv3
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Device...
Nedi Nedi 1.9c
NA
CVE-2013-3509
html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.
Gwos Groundwork Monitor 6.7.0
NA
CVE-2013-3510
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
NA
CVE-2013-3511
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Gwos Groundwork Monitor 6.7.0
NA
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.
Gwos Groundwork Monitor 6.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »