Filtered by vendor Zevenet
Total: 4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-10039 | 1 Zevenet | 1 Zen Load Balancer | 2025-08-12 | N/A |
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitization. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor. | ||||
CVE-2020-11491 | 1 Zevenet | 1 Zen Load Balancer | 2024-11-21 | 4.9 Medium |
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. | ||||
CVE-2020-11490 | 1 Zevenet | 1 Zen Load Balancer | 2024-11-21 | 7.2 High |
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter. | ||||
CVE-2019-7301 | 1 Zevenet | 1 Zen Load Balancer | 2024-11-21 | N/A |
Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter. | ||||