4 matches found
Zenoss 2.3.3 Multiple Cross Site Request Forgery Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37843/info Zenoss is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions, execute arbitrary commands, gain unauthoriz...
CVE-2010-0713
Multiple cross-site request forgery CSRF vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for 1 requests that reset user passwords via zport/dmd/ZenUsers/admin, and 2 requests that change user commands, which...
CVE-2010-0712
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the 1 severity, 2 state, 3 filter, 4 offset, and 5 count parameters...
Zenoss 2.3.3 Cross Site Request Forgery
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2010-002 - Zenoss Multiple Admin CSRF Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] I. BACKGROUND Zenoss is a commercial and open source system...