Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zabbix zabbix vulnerabilities and exploits
(subscribe to this query)
4.4
CVSSv3
CVE-2022-24918
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious co...
Zabbix Frontend
Zabbix Frontend 6.0.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.4
CVSSv3
CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious c...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.4
CVSSv3
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed ...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3.7
CVSSv3
CVE-2017-2826
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker ca...
Zabbix Zabbix 2.4.1
Zabbix Zabbix 2.4.2
Zabbix Zabbix 2.4.6
Zabbix Zabbix 2.4.7
Zabbix Zabbix 2.4.9
Zabbix Zabbix 2.4.3
Zabbix Zabbix 2.4.4
Zabbix Zabbix 2.4.5
Zabbix Zabbix 2.4.0
Zabbix Zabbix 2.4.8
Debian Debian Linux 8.0
NA
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind...
1 Github repository
NA
CVE-2016-9140
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
NA
CVE-2014-9450
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix prior to 1.8.22, 2.0.x prior to 2.0.14, and 2.2.x prior to 2.2.8 allow remote malicious users to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
Zabbix Zabbix 2.0.4
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.0.3
Zabbix Zabbix 2.0.6
Zabbix Zabbix 2.0.8
Zabbix Zabbix 2.0.11
Zabbix Zabbix 2.0.10
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.13
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.2.2
Zabbix Zabbix 2.2.3
Zabbix Zabbix 2.2.4
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.2.1
Zabbix Zabbix 2.2.6
Zabbix Zabbix 2.2.7
Zabbix Zabbix
Zabbix Zabbix 2.0.7
Zabbix Zabbix 2.2.5
Zabbix Zabbix 2.0.12
NA
CVE-2014-1682
The API in Zabbix prior to 1.8.20rc1, 2.0.x prior to 2.0.11rc1, and 2.2.x prior to 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.0.3
Zabbix Zabbix 2.0.7
Zabbix Zabbix 2.0.8
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.2.1
Zabbix Zabbix 2.0.0
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.0.5
Zabbix Zabbix 1.8
Zabbix Zabbix 1.8.3
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.10
Zabbix Zabbix 2.0.4
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Zabbix Zabbix 2.0.6
Zabbix Zabbix 1.8.15
Zabbix Zabbix 1.8.16
Zabbix Zabbix 1.8.18
Zabbix Zabbix
Zabbix Zabbix 1.8.1
NA
CVE-2014-1685
The Frontend in Zabbix prior to 1.8.20rc2, 2.0.x prior to 2.0.11rc2, and 2.2.x prior to 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.0.3
Zabbix Zabbix 2.2.1
Zabbix Zabbix 2.2.0
Zabbix Zabbix 2.0.4
Zabbix Zabbix 2.0.5
Zabbix Zabbix 2.0.6
Zabbix Zabbix 1.8
Zabbix Zabbix 2.0.7
Zabbix Zabbix 2.0.8
Zabbix Zabbix 2.0.0
Zabbix Zabbix 2.0.1
Zabbix Zabbix
Zabbix Zabbix 1.8.2
Zabbix Zabbix 1.8.3
Zabbix Zabbix 2.0.9
Zabbix Zabbix 2.0.10
Zabbix Zabbix 1.8.1
Zabbix Zabbix 1.8.16
Fedoraproject Fedora 19
Zabbix Zabbix 1.8.15
Zabbix Zabbix 1.8.18
NA
CVE-2012-6086
libs/zbxmedia/eztexting.c in Zabbix 1.8.x prior to 1.8.18rc1, 2.0.x prior to 2.0.8rc1, and 2.1.x prior to 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certific...
Zabbix Zabbix 2.0.0
Zabbix Zabbix 2.0.1
Zabbix Zabbix 2.0.6
Zabbix Zabbix 2.1.0
Zabbix Zabbix 2.1.1
Zabbix Zabbix 2.0.5
Zabbix Zabbix 1.8.1
Zabbix Zabbix 1.8.10
Zabbix Zabbix 2.0.3
Zabbix Zabbix 1.8.16
Zabbix Zabbix 2.0.2
Zabbix Zabbix 2.0.4
Zabbix Zabbix 1.8.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »