CVE-2013-0275
https://notcve.org/view.php?id=CVE-2013-0275
Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://ganglia.info/?p=566
• http://www.openwall.com/lists/oss-security/2013/02/08/6
• http://www.securityfocus.com/bid/58204
• https://bugzilla.redhat.com/show_bug.cgi?id=892823
• https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3448 – Ganglia Web Frontend < 3.5.1 - PHP Code Execution
https://notcve.org/view.php?id=CVE-2012-3448
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. Ganglia Web Frontend versions prior to 3.5.1 suffer from a PHP code execution vulnerability.
• https://www.exploit-db.com/exploits/38030
• http://ganglia.info/?p=549
• http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084196.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084202.html
• http://secunia.com/advisories/50047
• http://www.debian.org/security/2013/dsa-2610
• http://www.openwall.com/lists/oss-security/2012/08/02/1
• http://www.securityfocus.com/bid/54699
• https://bugs.gentoo.org/show_bug.cgi?id=428776
• https://bugzilla.re
CVE-2011-3741
https://notcve.org/view.php?id=CVE-2011-3741
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
• http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/ganglia-3.1.7
• http://www.openwall.com/lists/oss-security/2011/06/27/6
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-0241 – Ganglia gmetad 3.0.6 - 'process_path()' Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-0241
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
• https://www.exploit-db.com/exploits/32726
• http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223
• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
• http://secunia.com/advisories/33506
• http://secunia.com/advisories/34228
• http://secunia.com/advisories/35416
• http://security.gentoo.org/glsa/glsa-200903-22.xml
• http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html
• http://www.securityfocus.com/bid/33299
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6465
https://notcve.org/view.php?id=CVE-2007-6465
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/28116
• http://sourceforge.net/project/shownotes.php?release_id=562168
• http://www.osvdb.org/39515
• http://www.osvdb.org/39516
• http://www.osvdb.org/39517
• http://www.securityfocus.com/bid/26895
• http://www.vupen.com/english/advisories/2007/4250
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')