Filtered by vendor Pandorafms
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13852 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | ||||
| CVE-2020-13851 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 8.8 High |
| Artica Pandora FMS 7.44 allows remote command execution via the events feature. | ||||
| CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 High |
| Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | ||||
| CVE-2020-11749 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 9.0 Critical |
| Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. | ||||
| CVE-2019-19968 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content. | ||||
| CVE-2019-13035 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A |
| Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-11-21 | N/A |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | ||||
| CVE-2024-9987 | 1 Pandorafms | 1 Pandora Fms | 2024-10-25 | 8.8 High |
| A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. | ||||
| CVE-2024-35308 | 1 Pandorafms | 1 Pandora Fms | 2024-10-25 | 8.8 High |
| A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. | ||||