Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pandora_fms
(Pandorafms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-29 | CVE-2023-41814 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2023-12-29 | CVE-2023-41815 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2023-12-29 | CVE-2023-44088 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 8.8 | ||
| 2023-12-29 | CVE-2023-44089 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774. | Pandora_fms | 6.1 | ||
| 2024-11-21 | CVE-2024-11320 | Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4 | Pandora_fms | 9.8 | ||
| 2024-10-22 | CVE-2024-35308 | A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. | Pandora_fms | 8.8 | ||
| 2024-10-22 | CVE-2024-9987 | A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. | Pandora_fms | 8.8 | ||
| 2020-07-13 | CVE-2020-11749 | Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. | Pandora_fms | 9.0 | ||
| 2019-06-29 | CVE-2019-13035 | Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | Pandora_fms | 7.8 | ||
| 2020-02-04 | CVE-2019-19968 | PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | Pandora_fms | N/A |