Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pandorafms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an malicious user to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prio...
Pandorafms Pandora Fms
1 Github repository
NA
CVE-2023-2807
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated malicious user to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on ...
Pandorafms Pandora Fms
NA
CVE-2022-47373
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malic...
Pandorafms Pandora Fms
1 Github repository
NA
CVE-2022-45436
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Onc...
Pandorafms Pandora Fms 765
1 Github repository
NA
CVE-2022-45437
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin u...
Pandorafms Pandora Fms 765
NA
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page t...
Pandorafms Pandora Fms
NA
CVE-2022-43978
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abus...
Pandorafms Pandora Fms
NA
CVE-2022-43979
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to ove...
Pandorafms Pandora Fms
NA
CVE-2022-43980
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network ...
Pandorafms Pandora Fms
1 Github repository
NA
CVE-2021-46676
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via the transactional maps name field.
Pandorafms Pandora Fms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »