Lucene search
MitreCVELIST:CVE-2010-4281HistoryDec 02, 2010 - 5:00 p.m.
CVE-2010-4281
2010-12-0217:00:00
mitre
www.cve.org
5
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.
References
osvdb.org/69546
seclists.org/fulldisclosure/2010/Nov/326
secunia.com/advisories/42347
sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
www.exploit-db.com/exploits/15643
www.securityfocus.com/archive/1/514939/100/0/threaded
www.securityfocus.com/bid/45112
Related
prion
prion
Design/Logic Flaw
2010-12-02 17:15:00
cve
cve
CVE-2010-4281
2010-12-02 17:15:00
nvd
nvd
CVE-2010-4281
2010-12-02 17:15:00
seebug
seebug
Pandora FMS <= 3.1 Path Traversal and LFI
2014-07-01 00:00:00
exploitpack
exploitpack
Pandora Fms 3.1 - Directory Traversal Local File Inclusion
2010-11-30 00:00:00
exploitdb
exploitdb
Pandora Fms 3.1 - Directory Traversal / Local File Inclusion
2010-11-30 00:00:00
securityvulns
securityvulns
openvas
openvas
packetstorm
packetstorm
Pandora FMS Command Injection / SQL Injection / Path Traversal
2010-12-01 00:00:00
zdt
zdt
Pandora FMS <= 3.1 Mullti Vulnerability
2010-12-01 00:00:00