CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-6824
https://notcve.org/view.php?id=CVE-2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. Zabbix anteriores a 1.8.19rc1, 2.0 anteriores a 2.0.10rc1 y 2.2 anteriores a 2.2.1rc1 permite a servidores y proxies Zabbix remotos ejectar comandos de forma arbitraria a través de una newline con unos parámetros de usuarios flexibles. • http://security.gentoo.org/glsa/glsa-201401-26.xml http://www.zabbix.com/rn1.8.19rc1.php http://www.zabbix.com/rn2.0.10rc1.php http://www.zabbix.com/rn2.2.1rc1.php https://support.zabbix.com/browse/ZBX-7479 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1364
https://notcve.org/view.php?id=CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. La función user.login en Zabbix anteriores a 1.8.16 y 2.x (anteriores a 2.0.5rc1) permite a atacantes remotos sobreescribir configuraciones LDAP a través del parámetro cnf. • http://secunia.com/advisories/55824 http://security.gentoo.org/glsa/glsa-201311-15.xml http://www.securityfocus.com/bid/57471 http://www.zabbix.com/rn1.8.16.php http://www.zabbix.com/rn2.0.5rc1.php https://support.zabbix.com/browse/ZBX-6097 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 94%CPEs: 1EXPL: 2CVE-2013-3628 – Zabbix - (Authenticated) Remote Command Execution
https://notcve.org/view.php?id=CVE-2013-3628
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability Zabbix versión 2.0.9, presenta una Vulnerabilidad de Ejecución de Comandos Arbitraria. • https://www.exploit-db.com/exploits/29321 http://www.exploit-db.com/exploits/29321 http://www.securityfocus.com/bid/63453 https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 1CVE-2013-5743 – Zabbix 2.0.8 - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2013-5743
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. Múltiples vulnerabilidades de inyección SQL en Zabbix versiones 1.8.x anteriores a 1.8.18rc1, versiones 2.0.x anteriores a 2.0.9rc1 y versiones 2.1.x anteriores a 2.1.7. • https://www.exploit-db.com/exploits/28972 https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6 https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6 https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5 https://support.zabbix.com/browse/ZBX-7091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-5572 – Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure
https://notcve.org/view.php?id=CVE-2013-5572
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. Zabbix v2.0.5 permite a usuarios autenticados remotamente descubrir la contraseña LDAP bind aprovechando el acceso a la consola de gestión y leyendo el valor ldap_bind_password en el código fuente HTML. • https://www.exploit-db.com/exploits/36157 http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html • CWE-264: Permissions, Privileges, and Access Controls •