CVE-2014-1685
https://notcve.org/view.php?id=CVE-2014-1685
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
https://support.zabbix.com/browse/ZBX-7693
CVE-2012-6086
https://notcve.org/view.php?id=CVE-2012-6086
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References:
http://www.openwall.com/lists/oss-security/2013/01/03/1
http://www.securityfocus.com/bid/57103
https://support.zabbix.com/browse/ZBX-5924
Weakness: CWE-310: Cryptographic Issues
CVE-2013-6824
https://notcve.org/view.php?id=CVE-2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
References:
http://security.gentoo.org/glsa/glsa-201401-26.xml
http://www.zabbix.com/rn1.8.19rc1.php
http://www.zabbix.com/rn2.0.10rc1.php
http://www.zabbix.com/rn2.2.1rc1.php
https://support.zabbix.com/browse/ZBX-7479
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-1364
https://notcve.org/view.php?id=CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
References:
http://secunia.com/advisories/55824
http://security.gentoo.org/glsa/glsa-201311-15.xml
http://www.securityfocus.com/bid/57471
http://www.zabbix.com/rn1.8.16.php
http://www.zabbix.com/rn2.0.5rc1.php
https://support.zabbix.com/browse/ZBX-6097
Weakness: CWE-287: Improper Authentication
CVE-2013-3628 – Zabbix - (Authenticated) Remote Command Execution
https://notcve.org/view.php?id=CVE-2013-3628
Zabbix 2.0.9 has an arbitrary command execution vulnerability.
References:
https://www.exploit-db.com/exploits/29321
http://www.exploit-db.com/exploits/29321
http://www.securityfocus.com/bid/63453
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats
Weakness: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')