Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandorafms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-26308
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.
Pandorafms Pandora Fms
NA
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
Pandorafms Pandora Fms
NA
CVE-2022-26310
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation ...
Pandorafms Pandora Fms
NA
CVE-2021-46677
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via the event filter name field.
Pandorafms Pandora Fms
NA
CVE-2021-46680
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via the module form name field.
Pandorafms Pandora Fms
NA
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malic...
Pandorafms Pandora Fms
1 Github repository
8.5
CVSSv2
CVE-2020-11749
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
Pandorafms Pandora Fms
7.5
CVSSv2
CVE-2021-34074
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
Pandorafms Pandora Fms
NA
CVE-2021-46679
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via service elements.
Pandorafms Pandora Fms
7.2
CVSSv2
CVE-2019-13035
Artica Pandora FMS 7.0 NG prior to 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the...
Pandorafms Pandora Fms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »