|
260731
|
- |
|
gwos
|
groundwork_monitor
|
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary comman…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3506
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260732
|
- |
|
gwos
|
groundwork_monitor
|
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or …
|
CWE-200
Information Exposure
|
CVE-2013-3507
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260733
|
- |
|
gwos
|
groundwork_monitor
|
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors invo…
|
CWE-94
Code Injection
|
CVE-2013-3508
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260734
|
- |
|
gwos
|
groundwork_monitor
|
html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3509
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260735
|
- |
|
gwos
|
groundwork_monitor
|
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Dev…
|
CWE-89
SQL Injection
|
CVE-2013-3510
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260736
|
- |
|
gwos
|
groundwork_monitor
|
Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified …
|
CWE-20
Improper Input Validation
|
CVE-2013-3511
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260737
|
- |
|
gwos
|
groundwork_monitor
|
The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or modify configuration settings via unspeci…
|
CWE-20
Improper Input Validation
|
CVE-2013-3512
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260738
|
- |
|
gwos
|
groundwork_monitor
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for …
|
CWE-352
Origin Validation Error
|
CVE-2013-3513
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260739
|
- |
|
emc
|
rsa_archer_egrc
rsa_archer_smartsuite
|
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0934
|
2013-05-7 21:56 |
2013-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260740
|
- |
|
emc
|
rsa_archer_egrc
rsa_archer_smartsuite
|
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via un…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0933
|
2013-05-7 21:51 |
2013-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
