Zenoss

Zenoss

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-14257

Exploit
  • EPSS 0.05%
  • Published 21.08.2019 19:15:13
  • Last modified 21.11.2024 04:26:18

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.

7.5

CVE-2019-14258

Exploit
  • EPSS 0.64%
  • Published 21.08.2019 19:15:13
  • Last modified 21.11.2024 04:26:18

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.

4.3

CVE-2014-3738

Exploit
  • EPSS 8.24%
  • Published 20.05.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.

5.8

CVE-2014-3739

Exploit
  • EPSS 0.29%
  • Published 20.05.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.

6.5

CVE-2010-0712

Exploit
  • EPSS 1.29%
  • Published 26.02.2010 17:30:01
  • Last modified 11.04.2025 00:51:21

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, a...

6.8

CVE-2010-0713

Exploit
  • EPSS 2.99%
  • Published 26.02.2010 17:30:01
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin...