RSS   Vulnerabilities for 'Pandora fms'   RSS

2022-03-10
 
CVE-2022-0507

CWE-89
 
 
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.

 
2021-06-25
 
CVE-2021-34074

CWE-434
 
 
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

 
 
CVE-2021-35501

CWE-79
 
 
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

 
2020-07-13
 
CVE-2020-11749

CWE-79
 
 
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.

 
2020-06-11
 
CVE-2020-13855

CWE-434
 
 
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.

 
 
CVE-2020-13854

CWE-269
 
 
Artica Pandora FMS 7.44 allows privilege escalation.

 
 
CVE-2020-13853

CWE-79
 
 
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.

 
 
CVE-2020-13852

CWE-434
 
 
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.

 
 
CVE-2020-13851

CWE-74
 
 
Artica Pandora FMS 7.44 allows remote command execution via the events feature.

 
 
CVE-2020-13850

CWE-862
 
 
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.

 

Copyright 2024, cxsecurity.com

 

Back to Top