Filtered by vendor Pandorafms Subscriptions
Total 48 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-13850 1 Pandorafms 1 Pandora Fms 2024-11-21 7.5 High
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVE-2020-11749 1 Pandorafms 1 Pandora Fms 2024-11-21 9.0 Critical
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVE-2019-19968 1 Pandorafms 1 Pandora Fms 2024-11-21 5.4 Medium
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.
CVE-2019-13035 1 Pandorafms 1 Pandora Fms 2024-11-21 N/A
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
CVE-2018-11223 1 Pandorafms 1 Artica Pandora Fms 2024-11-21 N/A
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.
CVE-2014-8629 1 Pandorafms 1 Pandora Flexible Monitoring System 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.
CVE-2024-9987 1 Pandorafms 1 Pandora Fms 2024-10-25 8.8 High
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
CVE-2024-35308 1 Pandorafms 1 Pandora Fms 2024-10-25 8.8 High
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.