Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zabbix zabbix server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-32725
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Zabbix Zabbix Server 7.0.0
Zabbix Zabbix Server
Zabbix Frontend 7.0.0
Zabbix Frontend
1 Github repository
NA
CVE-2009-4498
The node_process_command function in Zabbix Server prior to 1.8 allows remote malicious users to execute arbitrary commands via a crafted request.
Zabbix Zabbix 1.1.2
Zabbix Zabbix 1.6.6
Zabbix Zabbix 1.7
Zabbix Zabbix 1.1.4
Zabbix Zabbix 1.1.3
Zabbix Zabbix 1.7.2
Zabbix Zabbix 1.7.1
Zabbix Zabbix 1.4.2
Zabbix Zabbix 1.1.5
Zabbix Zabbix
Zabbix Zabbix 1.7.3
Zabbix Zabbix 1.4.3
Zabbix Zabbix 1.6.7
Zabbix Zabbix 1.6.8
2 EDB exploits
7.2
CVSSv3
CVE-2023-32727
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Zabbix Zabbix Server
Zabbix Zabbix Server 7.0.0
NA
CVE-2009-4499
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server prior to 1.6.8 allows remote malicious users to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_serve...
Zabbix Zabbix 1.6.6
Zabbix Zabbix 1.4.3
Zabbix Zabbix 1.4.2
Zabbix Zabbix 1.1.5
Zabbix Zabbix 1.1.4
Zabbix Zabbix
Zabbix Zabbix 1.1.2
Zabbix Zabbix 1.4.4
Zabbix Zabbix 1.1.3
Zabbix Zabbix 1.4.6
1 EDB exploit
NA
CVE-2009-4501
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server prior to 1.6.8 allows remote malicious users to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command ke...
Zabbix Zabbix 1.1.3
Zabbix Zabbix 1.4.6
Zabbix Zabbix 1.4.4
Zabbix Zabbix 1.6.6
Zabbix Zabbix 1.4.3
Zabbix Zabbix 1.4.2
Zabbix Zabbix 1.1.5
Zabbix Zabbix
Zabbix Zabbix 1.1.4
Zabbix Zabbix 1.1.2
1 EDB exploit
NA
CVE-2009-4500
The process_trap function in trapper/trapper.c in Zabbix Server prior to 1.6.6 allows remote malicious users to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
Zabbix Zabbix 1.1.2
Zabbix Zabbix 1.4.4
Zabbix Zabbix 1.4.2
Zabbix Zabbix 1.1.5
Zabbix Zabbix 1.1.4
Zabbix Zabbix
Zabbix Zabbix 1.1.3
Zabbix Zabbix 1.4.3
3.7
CVSSv3
CVE-2017-2826
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker ca...
Zabbix Zabbix 2.4.1
Zabbix Zabbix 2.4.2
Zabbix Zabbix 2.4.6
Zabbix Zabbix 2.4.7
Zabbix Zabbix 2.4.9
Zabbix Zabbix 2.4.3
Zabbix Zabbix 2.4.4
Zabbix Zabbix 2.4.5
Zabbix Zabbix 2.4.0
Zabbix Zabbix 2.4.8
Debian Debian Linux 8.0
8.1
CVSSv3
CVE-2017-2824
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigge...
Zabbix Zabbix 2.4.1
Zabbix Zabbix 2.4.9
Zabbix Zabbix 2.4.2
Zabbix Zabbix 2.4.0
Zabbix Zabbix 2.4.4
Zabbix Zabbix 2.4.3
Zabbix Zabbix 2.4.6
Zabbix Zabbix 2.4.5
Zabbix Zabbix 2.4.8
Zabbix Zabbix 2.4.7
2 Github repositories
7.5
CVSSv3
CVE-2023-29451
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
Zabbix Zabbix 6.4.0
Zabbix Zabbix
8.1
CVSSv3
CVE-2023-32726
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Zabbix Zabbix-agent 7.0.0
Zabbix Zabbix-agent
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »