Skip to main content

Spiceworks

7 CVEs product

Monthly

CVE-2020-25901 MEDIUM POC This Month

Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Spiceworks
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2020-23451 HIGH POC This Week

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Spiceworks
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-23450 MEDIUM POC This Month

Spiceworks Version <= 7.5.00107 is affected by XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2017-7237 CRITICAL POC THREAT Emergency

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

Information Disclosure Spiceworks
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
13.2%
CVE-2012-6658 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.4%
CVE-2012-2956 MEDIUM POC This Month

SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Spiceworks
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
0.8%
CVE-2014-3740 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
2.3%
EPSS 5% CVSS 6.1
MEDIUM POC This Month

Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Spiceworks
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Privilege Escalation Spiceworks
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Spiceworks Version <= 7.5.00107 is affected by XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD VulDB
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

Information Disclosure Spiceworks
NVD Exploit-DB
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Spiceworks
NVD Exploit-DB
EPSS 2% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Spiceworks
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy