VYPR

Lansweeper

by Lansweeper

CVEs (18)

  • CVE-2022-29517CriDec 15, 2022
    risk 0.69cvss 9.9epss 0.60

    A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2020-14011CriJun 15, 2020
    risk 0.69cvss 9.8epss 0.29

    Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.

  • CVE-2022-32573CriDec 15, 2022
    risk 0.65cvss 9.9epss 0.04

    A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2017-13706CriOct 10, 2017
    risk 0.65cvss 9.9epss 0.02

    XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks,…

  • CVE-2015-9264CriAug 27, 2018
    risk 0.64cvss 9.8epss 0.02

    Lansweeper 4.x through 6.x before 6.0.0.48 allows attackers to execute arbitrary code on the administrator's workstation via a crafted Windows service.

  • CVE-2022-22149HigApr 14, 2022
    risk 0.63cvss 8.8epss 0.73

    A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2022-21234HigApr 14, 2022
    risk 0.63cvss 8.8epss 0.73

    An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2022-21210HigApr 14, 2022
    risk 0.63cvss 8.8epss 0.71

    An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2019-13462CriAug 12, 2019
    risk 0.60cvss 9.1epss 0.11

    Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.

  • CVE-2020-13658HigSep 30, 2020
    risk 0.52cvss 8.0epss 0.00

    In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.

  • CVE-2022-27498MedDec 15, 2022
    risk 0.45cvss 6.5epss 0.38

    A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this…

  • CVE-2017-16841MedNov 16, 2017
    risk 0.43cvss 6.1epss 0.01

    LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.

  • CVE-2022-29511MedDec 15, 2022
    risk 0.42cvss 6.5epss 0.02

    A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-32763MedDec 15, 2022
    risk 0.40cvss 6.1epss 0.01

    A cross-site scripting (xss) sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this…

  • CVE-2019-18955MedDec 19, 2019
    risk 0.40cvss 6.1epss 0.01

    The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.

  • CVE-2017-9292MedMay 29, 2017
    risk 0.40cvss 6.1epss 0.01

    Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.

  • CVE-2022-21145MedApr 14, 2022
    risk 0.37cvss 4.8epss 0.78

    A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-28703MedDec 15, 2022
    risk 0.35cvss 5.4epss 0.01

    A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger…