Zohocorp Webnms Framework vulnerabilities
4 known vulnerabilities affecting zohocorp/webnms_framework.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1
Vulnerabilities
Page 1 of 1
CVE-2016-6602CRITICALCVSS 9.8PoCv5.22017-01-23
CVE-2016-6602 [CRITICAL] CVE-2016-6602: ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which all
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
nvd
CVE-2016-6600CRITICALCVSS 9.8PoCv5.22017-01-23
CVE-2016-6600 [CRITICAL] CWE-22 CVE-2016-6600: Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
nvd
CVE-2016-6603CRITICALCVSS 9.8PoCv5.22017-01-23
CVE-2016-6603 [CRITICAL] CWE-20 CVE-2016-6603: ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersona
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
nvd
CVE-2016-6601HIGHCVSS 7.5PoCv5.22017-01-23
CVE-2016-6601 [HIGH] CWE-22 CVE-2016-6601: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 an
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
nvd