CVE-2014-9610 | Vulnerability Database | Aqua Security

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

Affected Software

Name	Vendor	Start Version	End Version
Netsweeper	Netsweeper	*	3.1.9 (including)
Netsweeper	Netsweeper	4.0.0 (including)	4.0.0 (including)
Netsweeper	Netsweeper	4.0.1 (including)	4.0.1 (including)
Netsweeper	Netsweeper	4.0.2 (including)	4.0.2 (including)
Netsweeper	Netsweeper	4.0.3 (including)	4.0.3 (including)
Netsweeper	Netsweeper	4.0.4 (including)	4.0.4 (including)
Netsweeper	Netsweeper	4.0.5 (including)	4.0.5 (including)
Netsweeper	Netsweeper	4.0.6 (including)	4.0.6 (including)
Netsweeper	Netsweeper	4.0.7 (including)	4.0.7 (including)
Netsweeper	Netsweeper	4.0.8 (including)	4.0.8 (including)
Netsweeper	Netsweeper	4.1.0 (including)	4.1.0 (including)
Netsweeper	Netsweeper	4.1.1 (including)	4.1.1 (including)

References

http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
https://www.exploit-db.com/exploits/37929/
http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
https://www.exploit-db.com/exploits/37929/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-9610
CWE	https://cwe.mitre.org/data/definitions/264.html