15 matches found
EUVD-2017-7351
Malware in sbrugna...
EUVD-2023-46282
Malicious code in bioql PyPI...
EUVD-2022-34336
Malicious code in bioql PyPI...
EUVD-2023-46280
Malicious code in bioql PyPI...
EUVD-2023-28533
Malicious code in bioql PyPI...
CVE-2014-125124
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...
CVE-2014-125124 Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...
CVE-2025-34088 Pandora FMS Authenticated Remote Code Execution via Ping Module
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The nettools.php functionality allows authenticated users to execute arbitrary OS commands via the selectips parameter when performing network tools operations, such as pinging. This occurs becau...
CVE-2024-12971
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6...
CVE-2024-12971 QuickShell Authenticated Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6...
CVE-2024-12971
CVE-2024-12971 affects Pandora FMS versions 700–777.6. The issue is an OS command injection caused by improper neutralization of special elements in commands, enabling execution of arbitrary commands. Public exploitation is demonstrated by a Metasploit module that requires admin access to Pandora...
PT-2024-15: Unauth Time-based SQL Injection in Pandora FMS
The vulnerability was identified in Pandora FMS, versions from 700 through 776. The vulnerability can be exploited without authentication. It allows to gain access to arbitrary data from database. The vulnerability is a part of a chain that leads to remote code execution and complete server...
Arbitrary file deletion
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772...
Artica Pandora FMS 安全漏洞
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from Pandora FMS v7.0NG.760 and lower allows incorrect...
PT-2022-14545 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0NG.761 and below Description: The issue is related to a Stored Cross Site-Scripting vulnerability in the file manager section, specifically affecting the dirname parameter. This can be exploited by an attacker with...