20 matches found
Astra Linux – Vulnerability in Zabbix
The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...
EUVD-2023-36955
Malicious code in bioql PyPI...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
DEBIAN-CVE-2025-27234
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
UBUNTU-CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27234 Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
CVE-2025-27234 Zabbix Agent 2 smartctl plugin RCE vulnerability in Zabbix 5.0.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2023-32728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote...
PT-2025-37303
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 affected versions not specified Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, which allows an attacker to inject unexpected arguments into the smartctl command. This can b...
Improper Certificate Validation
scalyr-agent-2 is vulnerable to Improper Certificate Validation. The vulnerability is due to calling the openssl binary without the -verifyhostname option in some circumstances, which can result in Man-in-the-Middle attacks...
CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
Remote code execution
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
CVE-2023-32728
The CVE-2023-32728 issue affects Zabbix Agent 2, specifically the item key smart.disk.get. The parameter handling does not sanitize inputs before passing to a shell command, resulting in a possible remote code execution vulnerability. Documented impact indicates high confidentiality, integrity, a...
CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
CVE-2023-29453 Agent 2 package are built with Go version affected by CVE-2023-24538
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
Cisco Sourcefire User Agent 2.2 - Insecure File Permissions
Exploit for windows platform in category local exploits / Cisco Sourcefire User Agent Insecure File Permissions Vulnerability Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco SF User Agent 2.2 Fixed versions: Cisco SF User Agent 2.2-25 Date: 08/09/2015 Credits: Glafkos...
rPSA-2008-0132-1 lighttpd
rPath Security Advisory: 2008-0132-1 Published: 2008-03-31 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: lighttpd=conary.rpath.com@rpl:1/1.4.18-0.5-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-24...