paessler vulnerabilities and exploits

4
CVSSv2
CVE-2017-15917

In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server....

4.3
CVSSv2
CVE-2016-5078

Paessler PRTG before 16.2.24.4045 has XSS via SNMP....

4
CVSSv2
CVE-2015-7743

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file....

9
CVSSv2
CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter...

4.3
CVSSv2
CVE-2017-9816

Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

4.3
CVSSv2
CVE-2017-15009

PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter....

4.3
CVSSv2
CVE-2018-14683

PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI....

3.5
CVSSv2
CVE-2017-15360

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script....

3.5
CVSSv2
CVE-2017-15008

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element....

4.3
CVSSv2
CVE-2009-1849

Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....