Zabbix - SAML SSO Authentication Bypass
When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...
Zabbix - SQL Injection
Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...
Zabbix <=4.4 - Authentication Bypass
Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...
Grafana & Zabbix Integration - Credentials Disclosure
Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search...
Astra Linux – Vulnerability in Zabbix
The researcher has shown that due to the way the SNMP trap log is parsed, an attacker can create an SNMP trap with additional lines of information, causing forged data to appear in the Zabbix UI. This attack requires that SNMP authentication be disabled, and/or that the attacker knows the...
Astra Linux – Vulnerability in Zabbix
During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...
Astra Linux – Vulnerability in Zabbix
Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...
Astra Linux – Vulnerability in Zabbix
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbx_json_open...
Astra Linux – Vulnerability in Zabbix
Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...
Zabbix Setup Configuration Authentication Bypass
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...
CVE-2026-45305 vulnerabilities
Vulnerabilities for packages: zabbix-fips...
CVE-2026-45133 vulnerabilities
Vulnerabilities for packages: zabbix-fips...
GHSA-C2P3-7M5P-CV8X vulnerabilities
Vulnerabilities for packages: zabbix-fips...
GHSA-9FRC-8383-795M vulnerabilities
Vulnerabilities for packages: zabbix-fips...
GHSA-4QPC-3HR4-R2P4 vulnerabilities
Vulnerabilities for packages: zabbix-fips...
CVE-2026-45304 vulnerabilities
Vulnerabilities for packages: zabbix-fips...
Vuln2Action-Demo
Vuln2Action-Demo This repository contains the demo video for t...
bug-bounty-hunts
Bug Bounty Hunts Curated writeups and proof-of-concept materi...
Astra Linux - Vulnerability in Zabbix
A specially crafted string can cause a buffer overflow in the JSON parser library, resulting in a crash of the Zabbix Server or Zabbix Proxy...
Astra Linux - Vulnerability in Zabbix
An authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...