Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ZabbixZabbix

9 matches found

CVE
CVEadded 2018/04/09 8:29 p.m.65 views

CVE-2017-2826

An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests fro...

4.3CVSS3.9AI score0.00262EPSS
CVE
CVEadded 2014/05/08 2:29 p.m.63 views

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

4CVSS8.6AI score0.00252EPSS
CVE
CVEadded 2010/08/05 1:23 p.m.61 views

CVE-2010-2790

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select paramet...

4.3CVSS5.6AI score0.00442EPSS
CVE
CVEadded 2011/12/29 10:55 p.m.57 views

CVE-2011-5027

Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.

4.3CVSS5.5AI score0.00442EPSS
CVE
CVEadded 2024/08/12 1:38 p.m.57 views

CVE-2024-22114

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.

4.3CVSS4.5AI score0.00128EPSS
CVE
CVEadded 2014/01/29 6:55 p.m.49 views

CVE-2012-6086

libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

4.3CVSS9AI score0.00194EPSS
CVE
CVEadded 2011/08/19 9:55 p.m.48 views

CVE-2011-2904

Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

4.3CVSS5.5AI score0.00713EPSS
CVE
CVEadded 2011/12/29 10:55 p.m.47 views

CVE-2011-4615

Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) mainte...

4.3CVSS5.6AI score0.00545EPSS
CVE
CVEadded 2008/03/17 5:44 p.m.37 views

CVE-2008-1353

zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.

4.3CVSS6.8AI score0.05858EPSS