Lucene search

Paessler Prtg Network Monitor*

20 matches found

added 2018/07/02 4:29 p.m., 298 views

CVE-2018-9276

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or n...

CVSS 9, AI score 7, EPSS 0.83837
In wild, Web

added 2018/11/21 4:29 p.m., 285 views

CVE-2018-19410

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local ...

CVSS 9.8, AI score 9.4, EPSS 0.93118
In wild, Web

added 2020/04/05 12:15 a.m., 149 views

CVE-2020-11547

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

CVSS 5.3, AI score 5.2, EPSS 0.88831

added 2020/03/16 7:15 p.m., 94 views

CVE-2019-11073

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators ...

CVSS 9, AI score 7.1, EPSS 0.16268

added 2023/08/09 12:15 p.m., 81 views

CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerab...

CVSS 7.2, AI score 7.1, EPSS 0.42231
Web

added 2018/11/21 4:29 p.m., 78 views

CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

CVSS 8.8, AI score 8.5, EPSS 0.0043

added 2022/10/25 5:15 p.m., 69 views

CVE-2022-35739

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device’s icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading mali...

CVSS 5.3, AI score 5.1, EPSS 0.0107

added 2018/04/21 2:29 a.m., 67 views

CVE-2018-10253

Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.

CVSS 7.5, AI score 7.5, EPSS 0.10232
Web

added 2018/11/12 4:29 p.m., 65 views

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can c...

CVSS 9, AI score 8.8, EPSS 0.02256

added 2025/02/11 8:15 p.m., 61 views

CVE-2024-12833

Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to...

CVSS 8, AI score 7.8, EPSS 0.00046

added 2021/03/31 10:15 p.m., 56 views

CVE-2021-27220

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server.

CVSS 5.3, AI score 5.2, EPSS 0.00363

added 2023/08/09 12:15 p.m., 54 views

CVE-2023-31449

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to travers...

CVSS 4.7, AI score 4.9, EPSS 0.00097

added 2019/04/10 10:29 p.m., 51 views

CVE-2018-14683

PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI.

CVSS 6.1, AI score 6.5, EPSS 0.00301

added 2024/02/08 11:15 p.m., 51 views

CVE-2023-51630

Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must ...

CVSS 8.8, AI score 8.5, EPSS 0.00121

added 2018/11/12 4:29 p.m., 43 views

CVE-2018-19203

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.

CVSS 7.5, AI score 7.5, EPSS 0.00828

added 2021/09/13 3:15 p.m., 42 views

CVE-2021-29643

PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance.

CVSS 5.4, AI score 5.1, EPSS 0.00302

added 2023/08/09 12:15 p.m., 41 views

CVE-2023-31450

A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse path...

CVSS 4.7, AI score 5.2, EPSS 0.00097

added 2023/08/09 12:15 p.m., 36 views

CVE-2023-31448

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allow...

CVSS 4.7, AI score 4.9, EPSS 0.00097

added 2023/08/09 12:15 p.m., 34 views

CVE-2023-31452

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could...

CVSS 8.8, AI score 8.8, EPSS 0.01332

added 2023/08/09 12:15 p.m., 34 views

CVE-2023-32782

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability...

CVSS 7.2, AI score 7.1, EPSS 0.21928