CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-6824
https://notcve.org/view.php?id=CVE-2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. Zabbix anteriores a 1.8.19rc1, 2.0 anteriores a 2.0.10rc1 y 2.2 anteriores a 2.2.1rc1 permite a servidores y proxies Zabbix remotos ejectar comandos de forma arbitraria a través de una newline con unos parámetros de usuarios flexibles. • http://security.gentoo.org/glsa/glsa-201401-26.xml http://www.zabbix.com/rn1.8.19rc1.php http://www.zabbix.com/rn2.0.10rc1.php http://www.zabbix.com/rn2.2.1rc1.php https://support.zabbix.com/browse/ZBX-7479 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1364
https://notcve.org/view.php?id=CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. La función user.login en Zabbix anteriores a 1.8.16 y 2.x (anteriores a 2.0.5rc1) permite a atacantes remotos sobreescribir configuraciones LDAP a través del parámetro cnf. • http://secunia.com/advisories/55824 http://security.gentoo.org/glsa/glsa-201311-15.xml http://www.securityfocus.com/bid/57471 http://www.zabbix.com/rn1.8.16.php http://www.zabbix.com/rn2.0.5rc1.php https://support.zabbix.com/browse/ZBX-6097 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 2CVE-2013-5743 – Zabbix 2.0.8 - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-5743
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. Múltiples vulnerabilidades de inyección SQL en Zabbix versiones 1.8.x anteriores a 1.8.18rc1, versiones 2.0.x anteriores a 2.0.9rc1 y versiones 2.1.x anteriores a 2.1.7. • https://www.exploit-db.com/exploits/28972 https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6 https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6 https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5 https://support.zabbix.com/browse/ZBX-7091 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/zabbix_sqli.rb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 4CVE-2012-3435 – Zabbix 2.0.1 - Session Extractor
https://notcve.org/view.php?id=CVE-2012-3435
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Vulnerabilidad de inyección SQL en interfaces/php/popup_bitem.php en Zabbix v1.8.15rc1 y anteriores, y v2.x antes de v2.0.2rc1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro itemid. • https://www.exploit-db.com/exploits/20087 http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54 http://osvdb.org/84127 http://secunia.com/advisories/49809 http://secunia.com/advisories/50475 http://www.debian.org/security/2012/dsa-2539 http://www.exploit-db.com/exploits/20087 http://www.openwall.com/lists/oss-security/2012/07/27/6 http://www.openwall.com/lists/oss-security/2012/07/28/3 http://www.securityfocus.com/bid/54661 https&# • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 0CVE-2011-5027
https://notcve.org/view.php?id=CVE-2011-5027
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Zabbix anterior a v1.8.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con el perfilador. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html http://osvdb.org/77772 http://secunia.com/advisories/47216 http://www.securityfocus.com/bid/51093 http://www.zabbix.com/rn1.8.10.php https://support.zabbix.com/browse/ZBX-4015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •