CVSS: 9.1 • EPSS: 31% • CPEs: 1 • EXPL: 1

Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. • https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx • https://www.nccgroup.trust/uk/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service. • https://www.lansweeper.com/updates/lansweeper-6-0-0-48-security-update • CWE-20: Improper Input Validation

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. • https://www.exploit-db.com/exploits/43149 • https://www.linkedin.com/pulse/lansweeper-bug-miguel-angel-mendez-oscp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability. • http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html • http://seclists.org/fulldisclosure/2017/Oct/14 • https://www.lansweeper.com/changelog.aspx • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability. • https://backbox.org/membership/lansweeper-v6-0-0-63-xss-vulnerability • https://www.lansweeper.com/changelog.aspx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')