Artica

Pandora Fms

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-41808

  • EPSS 0.1%
  • Veröffentlicht 23.11.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 08:21:43

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through ...

6.1

CVE-2023-41810

  • EPSS 0.04%
  • Veröffentlicht 23.11.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 08:21:43

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issu...

5.4

CVE-2023-41791

  • EPSS 0.12%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a...

9.8

CVE-2023-41790

  • EPSS 0.15%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects ...

6.1

CVE-2023-41789

  • EPSS 0.09%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user with...

8.8

CVE-2023-41788

  • EPSS 0.09%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora ...

7.5

CVE-2023-41787

  • EPSS 0.1%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 throug...

6.5

CVE-2023-41786

  • EPSS 0.08%
  • Veröffentlicht 23.11.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:41

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 7...

6.1

CVE-2021-46681

  • EPSS 0.3%
  • Veröffentlicht 05.08.2022 16:15:11
  • Zuletzt bearbeitet 21.11.2024 06:34:35

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.

5.4

CVE-2021-36698

Exploit
  • EPSS 0.63%
  • Veröffentlicht 03.11.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:56

Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.