CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4500
https://notcve.org/view.php?id=CVE-2009-4500
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. La función process_trap en trapper/trapper.c en Zabbix Server anteriores a v1.6.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición manipulada con datos de carece del separador esperado (:), lo que provoca una desreferenciación a puntero NULL. • http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-993 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 1CVE-2009-4501 – Zabbix Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4501
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. La función zbx_get_next_field de libs/zbxcommon/str.c de Zabbix Server anterior a v1.6.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una solicitud que carece de los separadores esperados; esto lanza una referencia a puntero nulo (NULL), como se ha demostrado al utilizar la palabra clave Command. • https://www.exploit-db.com/exploits/10432 http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 71%CPEs: 14EXPL: 2CVE-2009-4498 – Zabbix Server - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2009-4498
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. La función node_process_command function de Zabbix Server en versiones anteriores a la v1.8 permite a atacantes remotos ejecutar comandos de su elección a través de una petición modificada. • https://www.exploit-db.com/exploits/20796 https://www.exploit-db.com/exploits/10432 http://secunia.com/advisories/37740 http://www.openwall.com/lists/oss-security/2010/04/02/1 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1030 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2009-4499 – Zabbix Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4499
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. Vulnerabilidad de inyección SQL en la función get_history_lastid en el componente nodewatcher en Zabbix Server anterior a v1.6.8 permite a atacantes remotos ejecutar comandos SQL de su elección a través de una petición manipulada, posiblemente relacionada con la función send_history_last_id en zabbix_server/trapper/nodehistory.c. • https://www.exploit-db.com/exploits/10432 http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1031 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 7%CPEs: 6EXPL: 1CVE-2008-1353 – Zabbix 1.1x/1.4.x - File Checksum Request Denial of Service
https://notcve.org/view.php?id=CVE-2008-1353
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. zabbix_agentd en ZABBIX 1.4.4, permite a atacantes remotos causar una Denegación de Servicio (Consumo de CPU y conexión) a través de múltiples comandos vfs.file.cksum con un nodo de dispositivo como /dev/urandom o /dev/zero. • https://www.exploit-db.com/exploits/31403 http://secunia.com/advisories/29383 http://securityreason.com/securityalert/3747 http://www.securityfocus.com/archive/1/489506/100/0/threaded http://www.securityfocus.com/bid/28244 http://www.vupen.com/english/advisories/2008/0878 https://exchange.xforce.ibmcloud.com/vulnerabilities/41196 •