CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13850
https://notcve.org/view.php?id=CVE-2020-13850
11 Jun 2020 — Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Artica Pandora FMS versión 7.44, posee controles de acceso inadecuados en una carpeta web • https://www.coresecurity.com/advisories • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19968
https://notcve.org/view.php?id=CVE-2019-19968
04 Feb 2020 — PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. PandoraFMS versión 742, sufre de múltiples vulnerabilidades de tipo XSS, afectando a los componentes Agent Management, Report Builder, y Graph Builder. Un usuario autenticado puede inyectar contenido peligroso en un almacén de datos que luego es leído e i... • https://k4m1ll0.com/cve-2019-19968.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13035
https://notcve.org/view.php?id=CVE-2019-13035
29 Jun 2019 — Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. Artica Pandora FMS versión 7.0 NG anterior a 735, sufre de una... • https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-008.md •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11223
https://notcve.org/view.php?id=CVE-2018-11223
15 Jun 2018 — XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. Cross-Site Scripting (XSS) en Artica Pandora FMS en versiones anteriores a la 7.0 NG 723 permite que un atacante ejecute código arbitrario mediante un parámetro "refr" manipulado en una llamada "/pandora_console/index.php?sec=estadosec2=operation/agentes/estado_agenterefr=". • https://blog.hackercat.ninja/post/pandoras_box • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •