NotCVE - vendor:"Ganglia" product:"Ganglia" version:" <= 3.05"

3 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2011-3741

https://notcve.org/view.php?id=CVE-2011-3741

23 Sep 2011 — Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files. Ganglia v3.1.7 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con host_view.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 1

CVE-2009-0241 – Ganglia gmetad 3.0.6 - 'process_path()' Remote Stack Buffer Overflow

https://notcve.org/view.php?id=CVE-2009-0241

21 Jan 2009 — Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname. desbordamiento de búfer basado en pila en la función process_path en gmetad/server.c en Ganglia v3.1.1 permite a atacantes remotos provocar una denegación de servicio (caida) a través de un petición al servicio gmetad con un nombre de ruta largo. • https://www.exploit-db.com/exploits/32726 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-6465

https://notcve.org/view.php?id=CVE-2007-6465

20 Dec 2007 — Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: som... • http://secunia.com/advisories/28116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •