RSS   Vulnerabilities for 'Ganglia'   RSS

2011-09-23
 
CVE-2011-3741

CWE-200
 

 
Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.

 
2009-01-21
 
CVE-2009-0241

CWE-119
 

 
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

 
2007-12-19
 
CVE-2007-6465

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Ganglia 4 Products
Php rrd web client
Gmond
Ganglia
Ganglia-web


Copyright 2024, cxsecurity.com

 

Back to Top