Product:

Pandora_fms

(Pandorafms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 45
Date Id Summary Products Score Patch Annotated
2020-06-11 CVE-2020-13850 Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Pandora_fms 7.5
2020-06-11 CVE-2020-13851 Artica Pandora FMS 7.44 allows remote command execution via the events feature. Pandora_fms 8.8
2020-06-11 CVE-2020-13852 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Pandora_fms 7.2
2020-06-11 CVE-2020-13853 Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Pandora_fms 5.4
2020-06-11 CVE-2020-13854 Artica Pandora FMS 7.44 allows privilege escalation. Pandora_fms 9.8
2020-06-11 CVE-2020-13855 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Pandora_fms 7.2
2021-06-25 CVE-2021-34074 PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. Pandora_fms 9.8
2021-06-25 CVE-2021-35501 PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. Pandora_fms 5.4
2022-03-10 CVE-2022-0507 Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. Pandora_fms 8.8
2022-07-25 CVE-2022-2032 In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. Pandora_fms 4.8