CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000812
https://notcve.org/view.php?id=CVE-2018-1000812
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. This attack appear to be exploitable via Network access to IntegriaIMS web interface . This vulnerability appears to have been fixed in fixed in versions released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047. Artica Integria IMS versión 5.0 MR56 Paquete 58, probablemente versiones anteriores contiene un CWE-640: Mecanismo de recuperación de contraseña débil para la vulnerabilidad de contraseña olvidada en el proceso de recuperación de contraseña, línea 45 de general/password_recovery.php que puede resultar en Las cuentas de usuario de la aplicación web IntegriaIMS se pueden hacer cargo. Este ataque parece ser explotable a través del acceso de red a la interfaz web De IntegriaIMS. • https://cp270.wordpress.com/2018/05/14/war-story-password-resets https://github.com/articaST/integriaims/commit/f2ff0ba821644acecb893483c86a9c4d3bb75047 https://github.com/fleetcaptain/integria-takeover • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19829 – Integria IMS 5.0.83 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-19829
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. Artica Integria IMS 5.0.83 tiene Cross-Site Request Forgery (CSRF) en godmode/usuarios/lista_usuarios, lo que resulta en la capacidad de eliminar un usuario arbitrario cuando se conoce el número de ID. Integria IMS version 5.0.83 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/46013 https://hackpuntes.com/cve-2018-19829-integria-ims-5-0-83-cross-site-request-forgery • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-19828 – Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19828
Artica Integria IMS 5.0.83 has XSS via the search_string parameter. Artica Integria IMS 5.0.83 tiene Cross-Site Scripting (XSS) mediante el parámetro search_string. Integria IMS version 5.0.83 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46012 https://hackpuntes.com/cve-2018-19828-integria-ims-5-0-83-cross-site-scripting-reflejado • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11221
https://notcve.org/view.php?id=CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. Subida de archivos no fiables sin autenticación en Artica Pandora FMS hasta la versión 7.23 permite que un atacante suba un plugin arbitrario mediante include/ajax/update_manager.ajax en el sistema de actualización. • https://blog.hackercat.ninja/post/pandoras_box https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11222
https://notcve.org/view.php?id=CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. Inclusión de archivos locales en Artica Pandora FMS hasta la versión 7.23 permite que un atacante llame a cualquier archivo php mediante el endpoint de ajax /pandora_console/ajax.php. • https://blog.hackercat.ninja/post/pandoras_box https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf • CWE-20: Improper Input Validation •