Page 10 of 58 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y posteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio del campo name de operación masiva del módulo • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. Se ha encontrado una potencial vulnerabilidad de seguridad dentro de la API de Pandora. Rango de versiones de Pandora FMS afectadas: todas las versiones de NG, hasta OUM 759. • https://khoori.org/posts/cve-2022-0507 https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request. Con una cuenta de administrador, el fichero .htaccess en Artica Pandora FMS versiones anteriores a 755 incluyéndola, puede ser sobrescrito con el componente File Manager. El nuevo fichero .htaccess contiene una Regla de Reescritura con una definición de tipo. • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. Pandora FMS versiones hasta 755, permite un ataque de tipo XSS por medio de un nuevo Filtro de Eventos con un nombre diseñado • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1

In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. En Artica Pandora FMS versiones anteriores a 754 incluyéndola, en el componente File Manager, presenta información confidencial expuesta en el lado del cliente a la que los atacantes pueden acceder • https://k4m1ll0.com/cve-2021-34075.html • CWE-522: Insufficiently Protected Credentials •