Latest Artica Pandora FMS Vulnerabilities

Uploading executables via the file manager
Artica Pandora FMS>=700<774
Stored XSS Via Site News Page
Artica Pandora FMS>=700<=773
Stored XSS Via Dashboard Panel
Artica Pandora FMS>=700<=773
Arbitrary File Read As Root Via GoTTY Page
Artica Pandora FMS>=700<=773
Linux Local Privilege Escalation Via GoTTY Page
Artica Pandora FMS>=700<=773
Misassignment of privileges can cause a DoS attack
Artica Pandora FMS>=700<=773
Lack of Authorization and Stored XSS Via SNMP Trap Editor Page
Artica Pandora FMS>=700<=773
Lack of Authorization and Stored XSS Via Translation Abuse
Artica Pandora FMS>=700<=773
Traversal Path on PHP file
Artica Pandora FMS>=700<=773
Unauthenticated Admin Account Takeover Via XSS
Artica Pandora FMS>=700<=773
Remote Code Execution via File Uploader
Artica Pandora FMS>=700<774
Arbitrary File Read
Artica Pandora FMS>=700<773
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of th...
Artica Pandora FMS>=700<773
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module massive operation name field.
Artica Pandora FMS<757
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A norma...
Artica Pandora FMS<=755
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora FMS<=755
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
Artica Pandora FMS<=754
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php ses...
Artica Pandora FMS=742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
Artica Pandora FMS=742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
Artica Pandora FMS=742
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use...
Artica Pandora FMS<=7.42
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
Artica Pandora FMS<=7.42
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
Artica Pandora FMS<=7.42
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file...
Artica Pandora FMS=7.0_ng
** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended fu...
Artica Pandora FMS=7.42
=7.42
Artica Pandora FMS=7.0
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The explo...
Artica Pandora FMS=7.42
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?oper...
Artica Pandora FMS=7.0_ng
** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Admin...
Artica Pandora FMS=7.0
=7.0
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
Artica Pandora FMS<=7.23
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora FMS<=7.23
