Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandora fms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24515
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a m...
Pandorafms Pandora Fms
NA
CVE-2023-24516
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an malicious user to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platfo...
Pandorafms Pandora Fms
NA
CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an malicious user to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prio...
Pandorafms Pandora Fms
1 Github repository
NA
CVE-2023-24518
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an malicious user to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and previous versions versions on all...
Pandorafms Pandora Fms
7.5
CVSSv2
CVE-2021-34074
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
Pandorafms Pandora Fms
NA
CVE-2023-41791
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string ...
Artica Pandora Fms
NA
CVE-2023-41786
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 up to and including 772.
Artica Pandora Fms
NA
CVE-2023-41787
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 up to and including 772.
Artica Pandora Fms
NA
CVE-2023-41788
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows malicious users to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 up to and ...
Artica Pandora Fms
NA
CVE-2023-41789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an malicious user to perform cookie hijacking and log in as that user without the need f...
Artica Pandora Fms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »