Lucene search
+L

193 matches found

Prion
Prion
added 2010/02/26 5:30 p.m.16 views

Sql injection

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the 1 severity, 2 state, 3 filter, 4 offset, and 5 count parameters...

6.5CVSS8.7AI score0.01978EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2010/02/26 5:30 p.m.16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for 1 requests that reset user passwords via zport/dmd/ZenUsers/admin, and 2 requests that change user commands, which...

6.8CVSS8.1AI score0.01946EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2010/02/26 5:3 p.m.21 views

CVE-2010-0712

Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the 1 severity, 2 state, 3 filter, 4 offset, and 5 count parameters...

8AI score0.01978EPSS
Exploits1References7
Cvelist
Cvelist
added 2010/02/26 5:3 p.m.24 views

CVE-2010-0713

Multiple cross-site request forgery CSRF vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for 1 requests that reset user passwords via zport/dmd/ZenUsers/admin, and 2 requests that change user commands, which...

7.5AI score0.01946EPSS
Exploits1References6
CVE
CVE
added 2010/02/26 5:3 p.m.52 views

CVE-2010-0712

CVE-2010-0712 : Zenoss Server components expose multiple SQL injection flaws in zport/dmd/Events/getJSONEventsInfo for Zenoss 2.3.3 and earlier versions before 2.5. Remote authenticated users can inject SQL via the parameters (severity, state, filter, offset, count). Public references indicate a ...

6.5CVSS8.3AI score0.01978EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2010/02/26 5:3 p.m.44 views

CVE-2010-0713

Zenoss Server (Zenoss 2.3.3 and earlier

6.8CVSS7.7AI score0.01946EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2010/01/19 12:0 a.m.59 views

Zenoss Multiple Admin CSRF

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] I. BACKGROUND Zenoss is a commercial and open source system...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2010/01/18 12:0 a.m.11 views

Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities

Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions, execute...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2010/01/18 12:0 a.m.24 views

Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions, execute arbitrary commands, gain unauthorized access to the affected...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/17 12:0 a.m.25 views

Zenoss 2.3.3 Cross Site Request Forgery

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] I. BACKGROUND Zenoss is a commercial and open source system...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/14 12:0 a.m.21 views

Zenoss 2.3.3 SQL Injection

nGenuity Information Services -- Security Advisory Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] Authentication: Valid user or admin session...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/01/14 12:0 a.m.6 views

Zenoss 2.3.3 - Multiple SQL Injections

Zenoss 2.3.3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/01/14 12:0 a.m.17 views

Zenoss 2.3.3 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...

7.4AI score
Exploits0
Rows per page
Query Builder