CVSS: 9.0EPSS: 4%CPEs: 1EXPL: 2CVE-2020-11749 – PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11749
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. Pandora FMS versiones 7.0 NG anteriores a 746 incluyéndola, sufre de múltiples vulnerabilidades de tipo XSS en diferentes vistas del navegador. Un administrador de red que escanea un dispositivo SNMP puede desencadenar un ataque de tipo Cross Site Scripting (XSS), que puede ejecutar código arbitrario para permitir una ejecución de código remota como root o apache2 • https://www.exploit-db.com/exploits/48707 https://medium.com/%40tehwinsam/multiple-xss-on-pandorafms-7-0-ng-744-64b244b8523c https://packetstormsecurity.com/files/158389/Pandora-FMS-7.0-NG-746-Script-Insertion-Code-Execution.htmlPoC https://pandorafms.com/downloads/whats-new-747-EN.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 2CVE-2020-13851 – Pandora FMS 7.0 NG 7XX Remote Command Execution
https://notcve.org/view.php?id=CVE-2020-13851
Artica Pandora FMS 7.44 allows remote command execution via the events feature. Artica Pandora FMS versión 7.44, permite una ejecución de comandos remota por medio de la funcionalidad events • http://packetstormsecurity.com/files/158390/Pandora-FMS-7.0-NG-7XX-Remote-Command-Execution.html https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 90%CPEs: 1EXPL: 1CVE-2020-13852
https://notcve.org/view.php?id=CVE-2020-13852
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Artica Pandora FMS versión 7.44, permite una carga arbitraria de archivos (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Manager • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13853
https://notcve.org/view.php?id=CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Artica Pandora FMS versión 7.44, presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad Messages • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13854
https://notcve.org/view.php?id=CVE-2020-13854
Artica Pandora FMS 7.44 allows privilege escalation. Artica Pandora FMS versión 7.44, permite una escalada de privilegios • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-269: Improper Privilege Management •