Filtered by vendor Pandorafms
Subscribe
Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26308 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 3.7 LOW |
| Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. | |||||
| CVE-2022-1648 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.7 MEDIUM |
| Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. | |||||
| CVE-2022-0507 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 6.5 MEDIUM | 5.8 MEDIUM |
| Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. | |||||
| CVE-2021-46680 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. | |||||
| CVE-2021-46679 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. | |||||
| CVE-2021-46678 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field. | |||||
| CVE-2021-46677 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. | |||||
| CVE-2021-46676 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. | |||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | |||||
| CVE-2021-34074 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | |||||
| CVE-2020-13855 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | |||||
| CVE-2020-13854 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Artica Pandora FMS 7.44 allows privilege escalation. | |||||
| CVE-2020-13853 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | |||||
| CVE-2020-13852 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | |||||
| CVE-2020-13851 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Artica Pandora FMS 7.44 allows remote command execution via the events feature. | |||||
| CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | |||||
| CVE-2020-11749 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
| Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. | |||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | |||||
| CVE-2019-13035 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | |||||