Lucene search
K

25 matches found

seebug.org
seebug.org
added 2017/04/28 12:0 a.m.58 views

Zabbix Proxy Server SQL Database Write Vulnerability (CVE-2017-2825)

Official patch earlier to fix the vulnerabilities: the Zabbix code execution vulnerability DETAILS One of the Trapper requests made by the Zabbix proxy is the ìproxy configî request, which allows a proxy to request its own proxy configuration from the Zabbix Server or any other Zabbix Proxyís...

7.8AI score0.04385EPSS
Exploits2
CNVD
CNVD
added 2017/04/28 12:0 a.m.1 views

Remote Code Execution and Database Write Vulnerabilities in Zabbix

zabbix is a WEB-based interface to provide distributed system monitoring and network monitoring capabilities of enterprise-class open source solutions . A remote code execution vulnerability exists in the trapper command feature in Zabbix version 2.4.x. A specific packet can cause a command...

8.1CVSS8.3AI score0.261EPSS
Exploits24References1
seebug.org
seebug.org
added 2017/04/28 12:0 a.m.138 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability( CVE-2017-2824)

Official patch earlier to fix the vulnerabilities: the Zabbix database write vulnerability The vulnerability lies within the ìTrapperî section of the Zabbix Code, this is the network service that allows the Proxies and the Server to communicate TCP Port 10051 There are a set of API calls that the...

6.8CVSS8.9AI score0.261EPSS
Exploits24
Talos
Talos
added 2017/04/27 12:0 a.m.45 views

Zabbix Proxy Server SQL Database Write Vulnerability

Summary An exploitable database write vulnerability exists in the trapper functionality of Zabbix Server 2.4.X . Specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker set up a Man-in-the-Middle server to alter trapper requests made between ...

7CVSS7.1AI score0.04385EPSS
Exploits2
Talos
Talos
added 2017/04/27 12:0 a.m.8931 views

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X . A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...

8.1CVSS8.7AI score0.261EPSS
Exploits24
Rows per page
Query Builder