EUVD-2023-54529
Malicious code in bioql PyPI...
Record the cron Logs
Generally, cron is used to schedule tasks in Linux. Because cron can be exploited by hackers to load malicious code, all the cron logs need to be recorded to trace system exceptions. Otherwise, the exception information cannot be displayed in logs when there are malicious operations. As a result,...
PT-2024-12979 · Undefined · Undefined
NCC Group has released its third study assessing the security of popular RMM tools, presenting an overview of 18 vulnerabilities in PandoraFMS. Multiple vulnerabilities in Faronics Insight and Nagios XI had previously come to the researchers' attention. PandoraFMS is an application for monitoring ...
Design/Logic Flaw
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...
CVE-2023-4677
CVSS: 9.8 (CRITICAL) for Pandora FMS Console
PT-2023-8542 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions = 772 Description: The issue is related to insufficient protection of registration data in the Pandora FMS Console, allowing an attacker to gain unauthorized access to protected information and elevate their privileges to...
SUSE CVE-2015-3243
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron...