7 matches found
CVE-2024-35306
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2023-44091
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through 776...
PT-2023-28109 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue allows unrestricted upload of files with dangerous types, specifically PHP executable files, through the file manager. This is due to accessing functionality not properly constrained...
PT-2023-28093 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Artica Pandora FMS versions 700 through 773, which arises from improperly...
PT-2023-28091 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows an attacker to perform cookie hijacking and log in as a...
PT-2020-19098 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP versions 700 through 755 Description: The issue allows an unauthenticated attacker to send a polluted URL to the victim. When the victim clicks on this URL, the attacker can read and modify the information available in t...