Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nedi nedi vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2020-14412
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a p...
Nedi Nedi 1.9c
801
VMScore
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw paramete...
Nedi Nedi 1.9c
605
VMScore
CVE-2018-20728
A cross site request forgery (CSRF) vulnerability in NeDi prior to 1.7Cp3 allows remote malicious users to escalate privileges via User-Management.php.
Nedi Nedi
578
VMScore
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an malicious user to obtain access to the operating system where NeDi is installed and to ...
Nedi Nedi 1.9c
578
VMScore
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an malicious user to obtain access to the operating system where NeDi is installed and to all application data.
Nedi Nedi 1.9c
578
VMScore
CVE-2018-20727
Multiple command injection vulnerabilities in NeDi prior to 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
Nedi Nedi
578
VMScore
CVE-2013-3508
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing.
Gwos Groundwork Monitor 6.7.0
578
VMScore
CVE-2013-3509
html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu.
Gwos Groundwork Monitor 6.7.0
578
VMScore
CVE-2013-3510
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component.
Gwos Groundwork Monitor 6.7.0
516
VMScore
CVE-2013-3511
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Gwos Groundwork Monitor 6.7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »