Page 4 of 55 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41787 – Arbitrary File Read

https://notcve.org/view.php?id=CVE-2023-41787

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. Vulnerabilidad no controlada del elemento de ruta de búsqueda en Pandora FMS permite aprovechar/manipular rutas de búsqueda de archivos de configuración. Esta vulnerabilidad permite el acceso a archivos con información sensible. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-427: Uncontrolled Search Path Element •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-41786 – Database backups availability by low-privileged users

https://notcve.org/view.php?id=CVE-2023-41786

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. Vulnerabilidad de exposición de información sensible a un actor no autorizado en Pandora FMS en todos los casos que permite File Discovery. Esta vulnerabilidad permite a los usuarios con privilegios bajos descargar copias de seguridad de bases de datos. • https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-4677 – Unauthenticated Admin Account Takeover Via Cron Log File Backups

https://notcve.org/view.php?id=CVE-2023-4677

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. Los archivos de copia de seguridad del registro Cron contienen ID de sesión de administrador. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-287: Improper Authentication CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-46681 – Vulnerability XSS in module mass operation name field

https://notcve.org/view.php?id=CVE-2021-46681

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. Se presenta una vulnerabilidad de tipo XSS en Pandora FMS versiones 756 y posteriores, que permite a un atacante llevar a cabo ejecuciones de código javascript por medio del campo name de operación masiva del módulo • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures https://www.incibe.es/en/cve-assignment-publication/coordinated-cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-41739

https://notcve.org/view.php?id=CVE-2021-41739

A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. Se ha detectado una vulnerabilidad de inyección de comandos del Sistema Operativo en Artica Proxy versión 4.30.000000. Los atacantes pueden ejecutar comandos OS en el archivo cyrus.events.php con GET param logs y POST param rp • https://medium.com/%40rootless724/artica-proxy-4-30-cyrus-events-php-rce-3aa2a868c695 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •