34 matches found
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27234
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
CVE-2025-27234
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27234
The CVE-2025-27234 entry describes a vulnerability in the Zabbix Agent 2 smartctl plugin where improper sanitization of smart.disk.get parameters allows an attacker to inject arguments into smartctl, leading to remote code execution in Zabbix 5.0. Connected sources (Debian DLA-4473-1, Debian/Ness...
PT-2025-37304
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 versions 5.0 and earlier Description: The Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, potentially allowing an attacker to inject unexpected arguments into the smartctl command. This can...
DEBIAN-CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
UBUNTU-CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
Zabbix Security Vulnerabilities
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix Agent2 that stems from the presence of a remote code execution vulnerability. Affected products...
PT-2023-8850 · Zabbix +4 · Zabbix Agent 2 +5
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 affected versions not specified Description: The issue is related to the Zabbix Agent 2 item key smart.disk.get not sanitizing its parameters before passing them to a shell command, which could lead to remote code execution. Th...
Zabbix Code Injection Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in the Zabbix plugin Agent 2, which stems from the fact that Agent 2 packages are built using a version ...