Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandora fms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-26310
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation ...
Pandorafms Pandora Fms
3.5
CVSSv2
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora Fms
NA
CVE-2023-44088
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 7...
Pandorafms Pandora Fms
NA
CVE-2023-44089
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 up to an...
Pandorafms Pandora Fms
NA
CVE-2023-0828
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows malicious user to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
Pandorafms Pandora Fms
NA
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page t...
Pandorafms Pandora Fms
NA
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malic...
Pandorafms Pandora Fms
1 Github repository
NA
CVE-2022-26308
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.
Pandorafms Pandora Fms
NA
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.
Pandorafms Pandora Fms
7.2
CVSSv2
CVE-2019-13035
Artica Pandora FMS 7.0 NG prior to 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the...
Pandorafms Pandora Fms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »