4 matches found
Zabbix Sia Zabbix has an unspecified vulnerability (CNVD-2022-11529)
Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. Zabbix 4.0 LTS, 4.2, 4.4 and 5.0 LTS versions are vulnerable due to a lack of filtering and escaping of user submitted command parameters. Any user with the "Zabbix Administrator" role can run a...
Zabbix Sia Zabbix has an unspecified vulnerability
Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...
ZABBIX<= 1.8.1 DBcondition函数SQL注入漏洞
BUGTRAQ ID: 39148 CVE ID: CVE-2010-0686 zabbix是一个CS结构的分布式网络监控系统。 Zabbix API使用了include/db.inc.php中定义的DBcondition函数来执行SQL查询中WHERE子句的条件。该函数没有对用户提供数据提供额外的检查: function DBcondition$fieldname, &$array, $notin=false, $string=false global $DB; $condition = ''; ---cut--- $in = $notin?' NOT IN ':' IN ';...
ZABBIX PHP前端多个输入验证漏洞
BUGTRAQ ID: 33965 zabbix是一个CS结构的分布式网络监控系统。 ZABBIX的PHP前端存在多个输入验证错误,远程攻击者可以通过提交恶意请求执行跨站请求伪造攻击、读取敏感信息或完全入侵有漏洞的系统。 1 include/validate.inc.php中没有正确的过滤对calcexp2函数所提交的extlang参数,这可能导致注入并执行任意PHP代码。 2 由于没有检查用户提交请求的有效性,远程攻击者可以通过提交HTTP执行非授权操作。 3...