Zohocorp

Webnms Framework

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2016-6600

Exploit
  • EPSS 90.64%
  • Published 23.01.2017 21:59:02
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.

7.5

CVE-2016-6601

Exploit
  • EPSS 92.78%
  • Published 23.01.2017 21:59:02
  • Last modified 20.04.2025 01:37:25

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.

9.8

CVE-2016-6602

Exploit
  • EPSS 47.77%
  • Published 23.01.2017 21:59:02
  • Last modified 20.04.2025 01:37:25

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combin...

9.8

CVE-2016-6603

Exploit
  • EPSS 70.32%
  • Published 23.01.2017 21:59:02
  • Last modified 20.04.2025 01:37:25

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.