193 matches found
Sql injection
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the 1 severity, 2 state, 3 filter, 4 offset, and 5 count parameters...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for 1 requests that reset user passwords via zport/dmd/ZenUsers/admin, and 2 requests that change user commands, which...
CVE-2010-0712
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the 1 severity, 2 state, 3 filter, 4 offset, and 5 count parameters...
CVE-2010-0713
Multiple cross-site request forgery CSRF vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for 1 requests that reset user passwords via zport/dmd/ZenUsers/admin, and 2 requests that change user commands, which...
CVE-2010-0712
CVE-2010-0712 : Zenoss Server components expose multiple SQL injection flaws in zport/dmd/Events/getJSONEventsInfo for Zenoss 2.3.3 and earlier versions before 2.5. Remote authenticated users can inject SQL via the parameters (severity, state, filter, offset, count). Public references indicate a ...
CVE-2010-0713
Zenoss Server (Zenoss 2.3.3 and earlier
Zenoss Multiple Admin CSRF
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] I. BACKGROUND Zenoss is a commercial and open source system...
Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions, execute...
Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions, execute arbitrary commands, gain unauthorized access to the affected...
Zenoss 2.3.3 Cross Site Request Forgery
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] I. BACKGROUND Zenoss is a commercial and open source system...
Zenoss 2.3.3 SQL Injection
nGenuity Information Services -- Security Advisory Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] Authentication: Valid user or admin session...
Zenoss 2.3.3 - Multiple SQL Injections
Zenoss 2.3.3 - Multiple SQL Injections source: https://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
Zenoss 2.3.3 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/37802/info Zenoss is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...