Page 11 of 92 results (0.009 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. En Pandora FMS versiones v7.0NG.761 y anteriores, en la sección de creación de agentes, el parámetro alias es vulnerable a un ataque de tipo Cross Site-Scripting Almacenado. Esta vulnerabilidad puede ser explotada por un atacante con privilegios de administrador registrado en el sistema • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. En Pandora FMS versiones v7.0NG.761 y anteriores, en la sección de administración de ficheros, el parámetro dirname es vulnerable a un Stored Cross Site-Scripting. Esta vulnerabilidad puede ser explotada por un atacante privilegiado de administrador registrado en el sistema • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. Se ha encontrado una potencial vulnerabilidad de seguridad dentro de la API de Pandora. Rango de versiones de Pandora FMS afectadas: todas las versiones de NG, hasta OUM 759. • https://khoori.org/posts/cve-2022-0507 https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request. Con una cuenta de administrador, el fichero .htaccess en Artica Pandora FMS versiones anteriores a 755 incluyéndola, puede ser sobrescrito con el componente File Manager. El nuevo fichero .htaccess contiene una Regla de Reescritura con una definición de tipo. • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. Pandora FMS versiones hasta 755, permite un ataque de tipo XSS por medio de un nuevo Filtro de Eventos con un nombre diseñado • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •