14 matches found
Astra Linux - vulnerability in zabbix
The Zabbix server can execute commands for configured scripts. After the command is executed, an audit entry is added to the “Audit Log”. Since the “clientip” field is not sanitized, it is possible to inject SQL code into the “clientip” field, resulting in time-based blind SQL injection attacks...
Linux Distros Unpatched Vulnerability : CVE-2024-22120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Zabbix server can perform command execution for configured scripts. After the command is executed, an audit entry is added to the Audit Log. Because the clientip field is not...
SUSE CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After the command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection...
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After the command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection...
UBUNTU-CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After the command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection...
CVE-2024-22120
Mode C CVE-2024-22120 affects Zabbix Server where command execution can be triggered through configured scripts. The root cause is inadequate sanitization of the clientip field, enabling a time-based blind SQL injection that can be exploited after a command runs and an audit entry is written to t...
PT-2024-3624
Name of the Vulnerable Software and Affected Versions: Zabbix server versions 6.0.0 through 6.0.27; Zabbix server versions 6.4.0 through 6.4.12; Zabbix server versions 7.0.0alpha1 through 7.0.0beta1. Description: The Zabbix server is vulnerable to a time-based SQL injection attack due to the...
CVE-2022-34914
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The clientIp variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary valu...
CyberArk Credential File Insufficient Effective Key Space
Vulnerability Details: Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31796. 2. Vulnerability Description: CyberArk...
CakePHP Security Bypass Vulnerability (CNVD-2017-01244)
CakePHP is an open source, MVC-based web development framework from the Cake Software Foundation in the United States. The framework offers flexible view caching, automatic generation of CRUD code and other features. A security vulnerability exists in the 'clientIp' function in CakePHP 3.2.4...
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
Design/Logic Flaw
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
UBUNTU-CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...
CVE-2016-4793
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header...