CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2020-25901 – Spiceworks 7.5 - HTTP Header Injection
https://notcve.org/view.php?id=CVE-2020-25901
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Una Inyección de Encabezado Host en Spiceworks versión 7.5.7.0, permite al atacante generar enlaces arbitrarios que apuntan hacia un sitio web malicioso con páginas web de encabezado Host envenenadas Spiceworks version 7.5 suffers from an HTTP header injection vulnerability. • https://www.exploit-db.com/exploits/49299 http://packetstormsecurity.com/files/160631/Spiceworks-7.5-HTTP-Header-Injection.html https://frontend.spiceworks.com/topic/2309457-desktop-host-header-injection-vulnerability https://github.com/Ramikan/Vulnerabilities/blob/master/Spiceworks%20version%207.5%20HTTP%20Header%20Injection • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23451
https://notcve.org/view.php?id=CVE-2020-23451
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Spiceworks versiones anteriores a 7.5.00107, está afectada por una vulnerabilidad de tipo CSRF que puede conllevar a una escalada de privilegios por medio de la función "/settings/v1/users" • http://spiceworks.com https://abuyv.com/cve/spiceworks-csrf-via-xss • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23450
https://notcve.org/view.php?id=CVE-2020-23450
Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization. Spiceworks versiones anteriores a 7.5.00107 incluyéndola, está afectada por una vulnerabilidad de tipo XSS. Cualquier nombre escrito en la función Custom Groups es vulnerable a los ataques de tipo XSS almacenado, ya que son mostrados en http://127.0.0.1/inventory/groups/ sin saneamiento de la salida • http://spiceworks.com https://abuyv.com https://abuyv.com/cve/spiceworks-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 2CVE-2017-7237 – SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload
https://notcve.org/view.php?id=CVE-2017-7237
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file. El servidor Spiceworks TFTP, tal y como se distribuye con Spiceworks Inventory 7.5, permite a atacantes remotos acceder al directorio de Spiceworks data\configurations aprovechando la naturaleza no autenticada del servicio TFTP para todos los clientes que pueden llegar al puerto UDP 69, como lo demuestra una operación WRQ (también conocido como solicitud de escritura) para un archivo de configuración o un archivo ejecutable. Spiceworks version 7.5 suffers from a TFTP improper access control file overwrite / upload vulnerability. • https://www.exploit-db.com/exploits/41825 http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt https://community.spiceworks.com/support/inventory/docs/network-config#security •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2012-2956 – SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / (Authenticated) SQL Injection
https://notcve.org/view.php?id=CVE-2012-2956
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. Vulnerabilidad de inyección SQL en SpiceWorks 5.3.75941 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id hacia api_v2.json. NOTA: esta entrada ha sido dividida por ADT2 debido a diferentes tipos de vulnerabilidad. • https://www.exploit-db.com/exploits/20063 http://osvdb.org/84113 http://www.exploit-db.com/exploits/20063 http://www.securityfocus.com/bid/54647 https://exchange.xforce.ibmcloud.com/vulnerabilities/77174 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •