Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

Zabbix <=4.4 - Authentication Bypass

Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password i.e., anonymously...

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

Zabbix - SAML SSO Authentication Bypass

When SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...

Grafana & Zabbix Integration - Credentials Disclosure

Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search...

bug-bounty-hunts

Bug Bounty Hunts Curated writeups and proof-of-concept materi...

Astra Linux - уязвимость в zabbix

The Zabbix Agent 2 smartctl plugin does not properly sanitize the parameters of the smart.disk.get command, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0, this allows for remote code execution...

Astra Linux - уязвимость в zabbix

When a URL is added to the map element, it is recorded in the database with a sequential ID. When adding a new URL, the system retrieves the previous value of the sysmapelementurlid and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by...

Astra Linux - уязвимость в zabbix

In Zabbix versions 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code within this controller calls diableSIDValidation within the init method. An...

Astra Linux - уязвимость в zabbix

The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...

Astra Linux - уязвимость в zabbix

A authenticated user with API access e.g., a user with the default User role can be added to any group e.g., Zabbix Administrators. Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

Astra Linux - уязвимость в zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

Astra Linux - уязвимость в zabbix

The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...

Astra Linux - уязвимость в zabbix

Users who do not have permission for any host can access and view the number of hosts along with other statistics through the System Information Widget in the Global View Dashboard...

Astra Linux - уязвимость в zabbix

A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...

Astra Linux - уязвимость в zabbix

Stored or persistent cross-site scripting XSS is a type of XSS attack where the attacker first sends the malicious payload to the web application. The application then stores the payload e.g., in a database or server-side text files. Eventually, the application inadvertently executes the payload...

Astra Linux - уязвимость в zabbix

The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...

Astra Linux - уязвимость в zabbix

Currently, the geomap configuration Administration - General - Geographical maps allows the use of HTML in the “Attribution text” field when the “Other” Tile provider is selected...

Astra Linux - уязвимость в zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbxjsonopen...

Astra Linux - уязвимость в zabbix

The researcher has shown that due to the way the SNMP trap log is parsed, an attacker can create an SNMP trap with additional lines of information, causing forged data to appear in the Zabbix UI. This attack requires that SNMP authentication be disabled, and/or that the attacker knows the...