Vendor CVEs
Artica
All CVEs
66 total · sorted by risk

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11221 | | Critical | 0.64 | 9.8 | 0.05 | | Jun 16, 2018 | Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. |
| CVE-2017-17055 | | Critical | 0.62 | 9.0 | 0.09 | | Dec 7, 2017 | Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. |
| CVE-2026-30805 | | Critical | 0.59 | 9.1 | 0.00 | | May 12, 2026 | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30810 | | High | 0.57 | 8.8 | 0.00 | | May 12, 2026 | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30807 | | High | 0.57 | 8.8 | 0.00 | | May 12, 2026 | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-34186 | | High | 0.57 | 8.8 | 0.00 | | Apr 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30813 | | High | 0.57 | 8.8 | 0.00 | | Apr 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30809 | | High | 0.57 | 8.8 | 0.01 | | Apr 13, 2026 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30806 | | High | 0.57 | 8.8 | 0.01 | | Apr 13, 2026 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30808 | | High | 0.53 | 8.1 | 0.00 | | May 12, 2026 | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2018-11222 | | High | 0.49 | 7.5 | 0.06 | | Jun 16, 2018 | Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. |
| CVE-2026-34188 | | High | 0.47 | 7.2 | 0.01 | | Apr 13, 2026 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2026-30804 | | High | 0.47 | 7.2 | 0.00 | | Apr 13, 2026 | Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2017-15935 | | High | 0.47 | 7.2 | 0.03 | | Oct 27, 2017 | Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. |
| CVE-2026-30811 | | Medium | 0.42 | 6.5 | 0.00 | | Apr 13, 2026 | Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2017-15937 | | Medium | 0.42 | 6.5 | 0.01 | | Oct 27, 2017 | Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). |
| CVE-2026-30812 | | Medium | 0.35 | 5.4 | 0.00 | | Apr 13, 2026 | Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 |
| CVE-2018-11223 | | Medium | 0.35 | 5.4 | 0.01 | | Jun 16, 2018 | XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. |
| CVE-2017-15936 | | Medium | 0.35 | 5.4 | 0.01 | | Oct 27, 2017 | In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. |
| CVE-2017-15934 | | Medium | 0.35 | 5.4 | 0.01 | | Oct 27, 2017 | Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. |
| CVE-2020-13851 | | | 0.11 | — | 0.91 | | Jun 11, 2020 | Artica Pandora FMS 7.44 allows remote command execution via the events feature. |
| CVE-2020-17505 | | | 0.10 | — | 0.82 | | Aug 12, 2020 | Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. |
| CVE-2020-17506 | | | 0.10 | — | 0.94 | | Aug 12, 2020 | Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. |
| CVE-2025-34088 | | | 0.09 | — | 0.05 | | Jul 3, 2025 | An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as… |
| CVE-2010-4279 | | | 0.08 | — | 0.66 | | Dec 2, 2010 | The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash… |
| CVE-2020-13158 | | | 0.07 | — | 0.54 | | Jun 22, 2020 | Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. |
| CVE-2021-32099 | | | 0.05 | — | 0.11 | | May 7, 2021 | A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. |
| CVE-2010-4282 | | | 0.05 | — | 0.20 | | Dec 2, 2010 | Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and… |
| CVE-2020-8947 | | | 0.04 | — | 0.22 | | Feb 12, 2020 | functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. |
| CVE-2010-4283 | | | 0.04 | — | 0.09 | | Dec 2, 2010 | PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter. |
| CVE-2010-4281 | | | 0.04 | — | 0.10 | | Dec 2, 2010 | Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character. |
| CVE-2010-4278 | | | 0.04 | — | 0.11 | | Dec 2, 2010 | operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. |
| CVE-2018-19829 | | | 0.03 | — | 0.02 | | Dec 18, 2018 | Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. |
| CVE-2018-19828 | | | 0.03 | — | 0.02 | | Dec 17, 2018 | Artica Integria IMS 5.0.83 has XSS via the search_string parameter. |
| CVE-2010-4280 | | | 0.03 | — | 0.05 | | Dec 2, 2010 | Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an… |
| CVE-2020-15051 | | | 0.02 | — | 0.02 | | Jul 15, 2020 | An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. |
| CVE-2020-13852 | | | 0.02 | — | 0.28 | | Jun 11, 2020 | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. |
| CVE-2020-13855 | | | 0.02 | — | 0.28 | | Jun 11, 2020 | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. |
| CVE-2020-8497 | | | 0.02 | — | 0.05 | | Mar 23, 2020 | In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. |
| CVE-2021-41739 | | | 0.01 | — | 0.03 | | May 5, 2022 | A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. |
| CVE-2020-15053 | | | 0.01 | — | 0.02 | | Jul 20, 2020 | An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. |
| CVE-2020-15052 | | | 0.01 | — | 0.02 | | Jul 20, 2020 | An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. |
| CVE-2020-10818 | | | 0.01 | — | 0.03 | | Mar 22, 2020 | Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field. |
| CVE-2024-2056 | | | 0.00 | — | 0.17 | | Mar 5, 2024 | Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security… |
| CVE-2024-2055 | | | 0.00 | — | 0.01 | | Mar 5, 2024 | The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. |
| CVE-2022-45436 | | | 0.00 | — | 0.01 | | Feb 15, 2023 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once… |
| CVE-2022-37153 | | | 0.00 | — | 0.01 | | Aug 24, 2022 | An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. |
| CVE-2021-40680 | | | 0.00 | — | 0.01 | | Apr 25, 2022 | There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. |
| CVE-2021-36697 | | | 0.00 | — | 0.00 | | Nov 3, 2021 | With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be… |
| CVE-2021-3834 | | | 0.00 | — | 0.01 | | Oct 7, 2021 | Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). |
Page 1 of 2