CVE-2010-1277
https://notcve.org/view.php?id=CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. Vulnerabilidad de inyección SQL en el método user.authenticate en la API en Zabbix desde v1.8 anteriores a 1.8.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "user" en los datos JSON a api_jsonrpc.php. • http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0001.html http://legalhackers.com/advisories/zabbix181api-sql.txt http://legalhackers.com/poc/zabbix181api.pl-poc http://secunia.com/advisories/39119 http://www.osvdb.org/63456 http://www.securityfocus.com/archive/1/510480/100/0/threaded http://www.securityfocus.com/bid/39148 http://www.vupen.com/english/advisories/2010/0799 http://www.zabbix.com/rn1.8.2.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-4502 – Zabbix Agent - 'net.tcp.listen' Command Injection
https://notcve.org/view.php?id=CVE-2009-4502
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. La función NET_TCP_LISTEN en net.c en Zabbix Agent versiones anteriores a v1.6.7, cuando se ejecuta en FreeBSD o Solaris, permite a atacantes remotos eludir la asignación de EnableRemoteCommands y ejecutar comandos de su elección mediante metacaracteres del interprete de comandos en el argumento de net.tcp.listen. NOTA: este ataque está limitado a ser realizado desde direcciones IP de confianza. • https://www.exploit-db.com/exploits/16918 https://www.exploit-db.com/exploits/10431 http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508439 http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1032 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-4500
https://notcve.org/view.php?id=CVE-2009-4500
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. La función process_trap en trapper/trapper.c en Zabbix Server anteriores a v1.6.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una petición manipulada con datos de carece del separador esperado (:), lo que provoca una desreferenciación a puntero NULL. • http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-993 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4501 – Zabbix Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4501
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. La función zbx_get_next_field de libs/zbxcommon/str.c de Zabbix Server anterior a v1.6.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una solicitud que carece de los separadores esperados; esto lanza una referencia a puntero nulo (NULL), como se ha demostrado al utilizar la palabra clave Command. • https://www.exploit-db.com/exploits/10432 http://secunia.com/advisories/37740 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-4498 – Zabbix Server - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2009-4498
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. La función node_process_command function de Zabbix Server en versiones anteriores a la v1.8 permite a atacantes remotos ejecutar comandos de su elección a través de una petición modificada. • https://www.exploit-db.com/exploits/20796 https://www.exploit-db.com/exploits/10432 http://secunia.com/advisories/37740 http://www.openwall.com/lists/oss-security/2010/04/02/1 http://www.securityfocus.com/archive/1/508436/30/60/threaded http://www.vupen.com/english/advisories/2009/3514 https://support.zabbix.com/browse/ZBX-1030 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •