VYPR

Zen Load Balancer

by Zenloadbalancer

CVEs (4)

  • CVE-2012-10039CriAug 11, 2025
    risk 0.64cvss epss 0.02

    ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in…

  • CVE-2020-11490HigApr 2, 2020
    risk 0.47cvss 7.2epss 0.02

    Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.

  • CVE-2019-7301HigFeb 1, 2019
    risk 0.47cvss 7.2epss 0.03

    Zen Load Balancer 3.10.1 allows remote authenticated admin users to execute arbitrary commands as root via shell metacharacters in the index.cgi?action=View_Cert certname parameter.

  • CVE-2020-11491MedApr 2, 2020
    risk 0.35cvss 4.9epss 0.08

    Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.