VYPR

Web

by Ganglia

Source repositories

CVEs (11)

  • CVE-2015-6816CriAug 9, 2017
    risk 0.64cvss 9.8epss 0.04

    ganglia-web before 3.7.1 allows remote attackers to bypass authentication.

  • CVE-2012-3448Aug 6, 2012
    risk 0.04cvss epss 0.10

    Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.

  • CVE-2009-0241Jan 21, 2009
    risk 0.03cvss epss 0.05

    Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

  • CVE-2024-52763Nov 19, 2024
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter.

  • CVE-2024-52762Nov 19, 2024
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter.

  • CVE-2019-20378Jan 11, 2020
    risk 0.00cvss epss 0.01

    ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

  • CVE-2013-1770Apr 2, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.

  • CVE-2013-6395Dec 5, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

  • CVE-2013-0275Mar 14, 2013
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-3741Sep 23, 2011
    risk 0.00cvss epss 0.01

    Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by host_view.php and certain other files.

  • CVE-2007-6465Dec 20, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and…