Zabbix

Zabbix

98 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-5743

  • EPSS 82.37%
  • Published 11.12.2019 19:15:12
  • Last modified 21.11.2024 01:58:02

Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.

7.5

CVE-2013-7484

  • EPSS 0.21%
  • Published 30.11.2019 02:15:10
  • Last modified 21.11.2024 02:01:07

Zabbix before 5.0 represents passwords in the users table with unsalted MD5.

9.1

CVE-2019-17382

Exploit
  • EPSS 93.65%
  • Published 09.10.2019 14:15:12
  • Last modified 21.11.2024 04:32:13

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i...

5.3

CVE-2019-15132

  • EPSS 0.41%
  • Published 17.08.2019 18:15:10
  • Last modified 21.11.2024 04:28:07

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system ac...

6.1

CVE-2016-10742

Exploit
  • EPSS 0.42%
  • Published 17.02.2019 16:29:00
  • Last modified 21.11.2024 02:44:38

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

7

CVE-2017-2825

Exploit
  • EPSS 0.63%
  • Published 20.04.2018 21:29:00
  • Last modified 21.11.2024 03:24:13

In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active...

4.3

CVE-2017-2826

Exploit
  • EPSS 0.26%
  • Published 09.04.2018 20:29:00
  • Last modified 21.11.2024 03:24:13

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in informat...

9.8

CVE-2014-3005

Exploit
  • EPSS 4.29%
  • Published 01.02.2018 17:29:00
  • Last modified 21.11.2024 02:07:18

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in...

8.1

CVE-2017-2824

Exploit
  • EPSS 73.55%
  • Published 24.05.2017 14:29:00
  • Last modified 20.04.2025 01:37:25

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an...

9.8

CVE-2016-10134

Exploit
  • EPSS 88%
  • Published 17.02.2017 02:59:10
  • Last modified 20.04.2025 01:37:25

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.