
CVSS: 9.8 | EPSS: 97% | CPEs: 3 | EXPL: 1

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

• https://www.exploit-db.com/exploits/28972
• https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6
• https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6
• https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5
• https://support.zabbix.com/browse/ZBX-7091
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 3.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

• https://www.exploit-db.com/exploits/36157
• http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 70 | EXPL: 4

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

• https://www.exploit-db.com/exploits/20087
• http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54
• http://osvdb.org/84127
• http://secunia.com/advisories/49809
• http://secunia.com/advisories/50475
• http://www.debian.org/security/2012/dsa-2539
• http://www.exploit-db.com/exploits/20087
• http://www.openwall.com/lists/oss-security/2012/07/27/6
• http://www.openwall.com/lists/oss-security/2012/07/28/3
• http://www.securityfocus.com/bid/54661
• https&#
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')