Lucene search
K

193 matches found

NVD
NVD
added 2014/12/15 6:59 p.m.17 views

CVE-2014-9250

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418...

5CVSS6.4AI score0.01501EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.17 views

CVE-2014-9249

The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408...

7.5CVSS6.4AI score0.01569EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.27 views

CVE-2014-9248

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...

5CVSS6.5AI score0.0124EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.22 views

CVE-2014-9247

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive 1 user account, 2 e-mail address, and 3 role information by visiting the ZenUsers aka User Manager page, aka ZEN-15389...

4CVSS5.9AI score0.01124EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.18 views

CVE-2014-9245

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...

5CVSS6.2AI score0.01407EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.18 views

CVE-2014-6261

Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by 1 spoofing the callhome server or 2 deploying a crafted web site that is visited during a login session, aka ZEN-12657...

9.3CVSS7.5AI score0.19683EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.13 views

CVE-2014-6260

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service paging outage by leveraging an unattended workstation, aka ZEN-15412...

6.8CVSS8AI score0.01774EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.24 views

CVE-2014-6259

Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to...

5CVSS7AI score0.01594EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.19 views

CVE-2014-6258

An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service CPU consumption by triggering an arbitrary regular-expression match attempt, aka ZEN-15411...

5CVSS6.9AI score0.01461EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.21 views

CVE-2014-6257

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407...

5CVSS6.7AI score0.01413EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.16 views

CVE-2014-6256

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public 1 read or 2 execute access via a move action, aka ZEN-15386...

7.5CVSS6.8AI score0.01511EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.15 views

CVE-2014-6255

Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the camefrom parameter, aka ZEN-11998...

6.4CVSS6.7AI score0.02069EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.13 views

CVE-2014-6254

Multiple cross-site scripting XSS vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a 1 device name, 2 device detail, 3 report name, 4 report detail, or 5 portlet name, or 6 a string to a helper method, aka ZEN-15381...

4.3CVSS5.8AI score0.01181EPSS
Exploits0References2
NVD
NVD
added 2014/12/15 6:59 p.m.15 views

CVE-2014-6253

Multiple cross-site request forgery CSRF vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653...

6.8CVSS7.3AI score0.00653EPSS
Exploits0References2
Prion
Prion
added 2014/12/15 6:59 p.m.14 views

Cross site scripting

Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406...

5CVSS7AI score0.0124EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/12/15 6:59 p.m.19 views

Cross site scripting

Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418...

5CVSS6.9AI score0.01501EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/12/15 6:59 p.m.17 views

Cross site scripting

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407...

5CVSS7.2AI score0.01413EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/12/15 6:59 p.m.14 views

Cross site scripting

Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the database, aka ZEN-15413...

5CVSS6.8AI score0.01285EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/12/15 6:59 p.m.20 views

Cross site scripting

Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive 1 user account, 2 e-mail address, and 3 role information by visiting the ZenUsers aka User Manager page, aka ZEN-15389...

4CVSS6.3AI score0.01124EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/12/15 6:59 p.m.17 views

Design/Logic Flaw

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...

5CVSS6.7AI score0.01407EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder