EUVD-2025-202833

Malicious code in elf-stats-candystriped-muffin-773 npm...

MAL-2025-192476 Malicious code in elf-stats-candystriped-muffin-773 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5070b9bdfb58bb62623b12b6f4e30a41f8a50df5bf0615f768a70f8f0d932de The package elf-stats-candystriped-muffin-773 was found to contain malicious code...

Malicious code in elf-stats-candystriped-muffin-773 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5070b9bdfb58bb62623b12b6f4e30a41f8a50df5bf0615f768a70f8f0d932de The package elf-stats-candystriped-muffin-773 was found to contain malicious code...

CVE-2023-41812

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 throug...

CVE-2023-41811

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in the news section of the web console. This issue affects Pandora FMS: from 700 throug...

CVE-2023-41806

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a bad privilege assignment could cause a DOS attack that affects the availability of the Pandora FMS server. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41807

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to escalate permissions on the system shell. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41808

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41792

Cross-Site Request Forgery CSRF vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41810

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in some Widgets' text box. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41790

Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41791

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string that could affect the integrity...

CVE-2023-41789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. This vulnerability allowed Javascript code to be executed in the SNMP Trap Editor. This issue affects Pandora FMS: from 700 through 773...

CVE-2023-41808 Arbitrary File Read As Root Via GoTTY Page

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773...

Artica Pandora FMS Security Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS versions 700 through 773 that could allow an attacker to execute...

PT-2023-28094 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows users with low privileges to introduce Javascript...

PT-2023-28105 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to Improper Privilege Management, allowing unauthorized users to escalate privileges and read sensitive files as if they were root. This enables an attacker to access...

PT-2023-28109 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue allows unrestricted upload of files with dangerous types, specifically PHP executable files, through the file manager. This is due to accessing functionality not properly constrained...