Filtered by vendor Pandorafms
Subscribe
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46680 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | N/A | 6.1 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. | |||||
| CVE-2022-2059 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | N/A | 4.8 MEDIUM |
| In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | |||||
| CVE-2022-0507 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. | |||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | |||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | |||||
| CVE-2020-13854 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Artica Pandora FMS 7.44 allows privilege escalation. | |||||
| CVE-2020-13852 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | |||||
| CVE-2020-11749 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 8.5 HIGH | 9.0 CRITICAL |
| Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. | |||||
| CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | |||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | |||||
| CVE-2020-13855 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | |||||
| CVE-2020-13851 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Artica Pandora FMS 7.44 allows remote command execution via the events feature. | |||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
| CVE-2019-13035 | 1 Pandorafms | 1 Pandora Fms | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | |||||
| CVE-2014-8629 | 1 Pandorafms | 1 Pandora Flexible Monitoring System | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. | |||||