CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 2CVE-2010-0712 – Zenoss 2.3.3 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2010-0712
26 Feb 2010 — Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. Múltiples vulnerabilidades de inyección SQL en zport/dmd/Events/getJSONEventsInfo en Zenoss v2.3.3 y otras versiones anteriores a v2.5, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) sever... • https://www.exploit-db.com/exploits/33511 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 2CVE-2010-0713 – Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0713
26 Feb 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Zenoss v2.3.3, y otras versiones anteriores a v2.... • https://www.exploit-db.com/exploits/33536 • CWE-352: Cross-Site Request Forgery (CSRF) •