Filtered by vendor Infoblox
Subscribe
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-32813 | 1 Infoblox | 1 Netmri | 2025-06-03 | N/A | 7.2 HIGH |
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. | |||||
CVE-2024-54188 | 1 Infoblox | 1 Netmri | 2025-06-03 | N/A | 5.3 MEDIUM |
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access. | |||||
CVE-2025-32814 | 1 Infoblox | 1 Netmri | 2025-06-03 | N/A | 9.8 CRITICAL |
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. | |||||
CVE-2025-32815 | 1 Infoblox | 1 Netmri | 2025-06-03 | N/A | 6.5 MEDIUM |
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur. | |||||
CVE-2024-52874 | 1 Infoblox | 1 Netmri | 2025-05-30 | N/A | 8.8 HIGH |
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. | |||||
CVE-2016-6484 | 1 Infoblox | 1 Netmri | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | |||||
CVE-2014-3419 | 1 Infoblox | 1 Netmri | 2025-04-12 | 7.2 HIGH | N/A |
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors. | |||||
CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2025-04-12 | 10.0 HIGH | N/A |
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | |||||
CVE-2015-2033 | 1 Infoblox | 1 Netmri | 2025-04-12 | 10.0 HIGH | N/A |
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request. | |||||
CVE-2011-5178 | 1 Infoblox | 1 Netmri | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter. | |||||
CVE-2024-36046 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
Infoblox NIOS through 8.6.4 executes with more privileges than required. | |||||
CVE-2024-36047 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation. | |||||
CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.1 CRITICAL |
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | |||||
CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | |||||
CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2025-04-03 | 10.0 HIGH | N/A |
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
CVE-2004-0606 | 1 Infoblox | 1 Dns One Appliance | 2025-04-03 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request. | |||||
CVE-2004-0461 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2025-04-03 | 10.0 HIGH | N/A |
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. | |||||
CVE-2002-2213 | 2 Infoblox, Isc | 2 Dns One, Bind | 2025-04-03 | 5.0 MEDIUM | N/A |
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2025-03-18 | N/A | 7.8 HIGH |
Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | |||||
CVE-2023-37249 | 1 Infoblox | 1 Nios | 2024-11-21 | N/A | 8.8 HIGH |
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. |