Pandora FMS 7.0NG - Remote Command Injection

Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ipsrc parameter in an index.php?operation/netflow/nfliveview request. id: CVE-2019-20224 info: name: Pandora FMS 7.0NG - Remote Command Injection author: ritikchaddha severity: hig...

Artica Pandora FMS 7.44 - Remote Code Execution

Artica Pandora FMS 7.44 allows remote command execution via the events feature. id: CVE-2020-13851 info: name: Artica Pandora FMS 7.44 - Remote Code Execution author: theamanrawat severity: high description: | Artica Pandora FMS 7.44 allows remote command execution via the events feature. impact:...

📄 PandoraFMS Netflow 7.0.777.10 Command Injection

PandoraFMS versions 7.0.774 through 7.0.777.10 contain an authenticated command injection vulnerability in the Netflow configuration component. An authenticated attacker with valid credentials can inject arbitrary system commands via the netflownamedir parameter, leading to remote code execution ...

EUVD-2019-9556

Malware in sbrugna...

EUVD-2021-20744

Malware in sbrugna...

EUVD-2021-22142

Malware in sbrugna...

📄 PandoraFMS Netflow Authenticated Remote Code Execution

This Metasploit module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to be present on the system. This module requires Metasploit: https://metasploit.com/download...

PandoraFMS ITSM 安全漏洞

PandoraFMS ITSM is a desktop help software from ESPPandoraFMS, Inc. A security vulnerability exists in PandoraFMS ITSM version 5.0.105, which stems from improper neutralization of the special elements of the chromiumpath variable, and could lead to OS command injection...

PandoraFMS ITSM 安全漏洞

PandoraFMS ITSM is a desktop help software from ESPPandoraFMS, Inc. A security vulnerability exists in PandoraFMS ITSM version 5.0.105, which stems from improper neutralization of special elements of the backup name field, and could lead to OS command injection...

CVE-2019-19968

PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content...

📄 PandoraFMS 7.0NG.772 SQL Injection

PandoraFMS version 7.0NG.772 proof of concept authenticated remote SQL injection exploit. Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection Authenticated Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link:...

PandoraFMS 7.0NG.772 - SQL Injection

Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link: https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafmsagentlinux-7.0NG.772.tar.gz Version: v7.0NG.772 Tested on: Linux...

PT-2024-12979 · Undefined · Undefined

NCC Group выпустила третье исследование с оценкой безопасности популярных инструментов RMM, в котором представила обзор на 18 уязвимостей в PandoraFMS. Ранее в поле зрения исследователей попадали множественные уязвимости в Faronics Insight и Nagios XI. PandoraFMS - это приложение для мониторинга ...

PT-2024-12975 · Undefined · Undefined

NCC Group выпустила третье исследование с оценкой безопасности популярных инструментов RMM, в котором представила обзор на 18 уязвимостей в PandoraFMS. Ранее в поле зрения исследователей попадали множественные уязвимости в Faronics Insight и Nagios XI. PandoraFMS - это приложение для мониторинга ...

PandoraFMS Security Vulnerability

PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS versions 700 through 774 that stems from the presence of a cross-site scripting XSS vulnerability...

PandoraFMS Security Vulnerability

PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS versions 700 through 774 that stems from the presence of a cross-site scripting XSS vulnerability...

CVE-2023-2807 Authentication bypass in password reset process

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms...

CVE-2023-2807

CVE-2023-2807 affects Pandora FMS (PandoraFMS) installations, including v771 and earlier. The issue is an Authentication Bypass by Spoofing in the password reset workflow, allowing an unauthenticated attacker to initiate a password reset for any user account. Root cause described across connected...

PandoraFMS 安全漏洞

PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS 771 and prior versions, which stems from a spoofing bypass authentication vulnerability during password reset...

PandoraFMS 跨站脚本漏洞

PandoraFMS is an application from PandoraFMS USA. It provides a monitoring feature. A security vulnerability exists in PandoraFMS version v765, which stems from the presence of stored cross-site scripting, which could be exploited by an attacker to allow stealing cookie values from administrator...