Vulnerabilities (CVE)

Filtered by vendor Prophecyinternational Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-5250 1 Prophecyinternational 1 Snare 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Snare for Linux before 1.7.0 has CSRF in the web interface.
CVE-2011-5247 1 Prophecyinternational 1 Snare 2024-02-04 5.0 MEDIUM 7.5 HIGH
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
CVE-2019-11364 1 Prophecyinternational 1 Snare Central 2024-02-04 9.0 HIGH 7.2 HIGH
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
CVE-2019-11363 1 Prophecyinternational 1 Snare Central 2024-02-04 6.5 MEDIUM 7.2 HIGH
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.