2 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 2

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. Múltiples vulnerabilidades de inyección SQL en zport/dmd/Events/getJSONEventsInfo en Zenoss v2.3.3 y otras versiones anteriores a v2.5, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) severity, (2) state, (3) filter, (4) offset, and (5) count. • https://www.exploit-db.com/exploits/33511 http://dev.zenoss.org/trac/changeset/15257 http://osvdb.org/61804 http://secunia.com/advisories/38195 http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection http://www.securityfocus.com/bid/37802 http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html https://exchange.xforce.ibmcloud.com/vulnerabilities/55670 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 4%CPEs: 5EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Zenoss v2.3.3, y otras versiones anteriores a v2.5, permite a atacantes remotos secuestrar la autenticación de las peticiones de administradores para (1) peticiones que reinicializan la contraseña de los usuarios a través de zport/dmd/ZenUsers/admin, y (2) peticiones que modifican comandos de usuario, lo que permite ejecuciones de comandos del sistema mediante zport/dmd/userCommands/ • https://www.exploit-db.com/exploits/33536 http://osvdb.org/61805 http://secunia.com/advisories/38195 http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf http://www.securityfocus.com/archive/1/508982/100/0/threaded http://www.securityfocus.com/bid/37843 http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html • CWE-352: Cross-Site Request Forgery (CSRF) •