CVE-2020-13658
https://notcve.org/view.php?id=CVE-2020-13658
In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.
References:
https://research.nccgroup.com/2020/09/25/technical-advisory-lansweeper-privilege-escalation-via-csrf-using-http-method-interchange
https://www.nccgroup.com/us/our-research/?research=Technical+advisories
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-14011 – Lansweeper 7.2 - Incorrect Access Control
https://notcve.org/view.php?id=CVE-2020-14011
Lansweeper 6.0.x through 7.2.x ships with a default installation in which the built-in admin account has a default admin password configured, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. Lansweeper version 7.2 has a default admin account enabled which allows for remote code execution.
References:
https://www.exploit-db.com/exploits/48618
http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html
https://pastebin.com/EUkMx94X
https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console
CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2019-18955
https://notcve.org/view.php?id=CVE-2019-18955
The web console in Lansweeper 7.2.105.2 has XSS via the URL path. The vendor fixed the vulnerability and disclosed it in the changelog as of 02 Dec 2019.
References:
https://www.lansweeper.com/changelog
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-13462
https://notcve.org/view.php?id=CVE-2019-13462
Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
References:
https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx
https://www.nccgroup.trust/uk/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9264
https://notcve.org/view.php?id=CVE-2015-9264
Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.
References:
https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update
CWE-20: Improper Input Validation