Filtered by vendor Zohocorp
Subscriptions
Filtered by product Webnms Framework
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6603 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | N/A |
| ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | ||||
| CVE-2016-6602 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | N/A |
| ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. | ||||
| CVE-2016-6601 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | N/A |
| Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. | ||||
| CVE-2016-6600 | 1 Zohocorp | 1 Webnms Framework | 2018-10-09 | N/A |
| Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. | ||||
Page 1 of 1.