CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13850
https://notcve.org/view.php?id=CVE-2020-13850
11 Jun 2020 — Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Artica Pandora FMS versión 7.44, posee controles de acceso inadecuados en una carpeta web • https://www.coresecurity.com/advisories • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19968
https://notcve.org/view.php?id=CVE-2019-19968
04 Feb 2020 — PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. PandoraFMS versión 742, sufre de múltiples vulnerabilidades de tipo XSS, afectando a los componentes Agent Management, Report Builder, y Graph Builder. Un usuario autenticado puede inyectar contenido peligroso en un almacén de datos que luego es leído e i... • https://k4m1ll0.com/cve-2019-19968.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13035
https://notcve.org/view.php?id=CVE-2019-13035
29 Jun 2019 — Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. Artica Pandora FMS versión 7.0 NG anterior a 735, sufre de una... • https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-008.md •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11223
https://notcve.org/view.php?id=CVE-2018-11223
15 Jun 2018 — XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. Cross-Site Scripting (XSS) en Artica Pandora FMS en versiones anteriores a la 7.0 NG 723 permite que un atacante ejecute código arbitrario mediante un parámetro "refr" manipulado en una llamada "/pandora_console/index.php?sec=estadosec2=operation/agentes/estado_agenterefr=". • https://blog.hackercat.ninja/post/pandoras_box • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8629
https://notcve.org/view.php?id=CVE-2014-8629
19 Nov 2014 — Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php. Vulnerabilidad de XSS en la página de visualización de agentes en Pandora FMS 5.1 SP1 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro 'refr' en index.php • http://blog.pandorafms.org/?p=3271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •