CVE-2016-6600
- EPSS 90.45%
- Veröffentlicht 23.01.2017 21:59:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
CVE-2016-6601
- EPSS 97.36%
- Veröffentlicht 23.01.2017 21:59:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
CVE-2016-6602
- EPSS 54.79%
- Veröffentlicht 23.01.2017 21:59:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combin...
CVE-2016-6603
- EPSS 86.93%
- Veröffentlicht 23.01.2017 21:59:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.