Artica

All CVEs

66 total · sorted by risk
  • CVE-2018-11221 · Critical · Jun 16, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.

  • CVE-2017-17055 · Critical · Dec 7, 2017
    risk 0.62 · cvss 9.0 · epss 0.09

    Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

  • CVE-2026-30805 · Critical · May 12, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30810 · High · May 12, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30807 · High · May 12, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-34186 · High · Apr 13, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30813 · High · Apr 13, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30809 · High · Apr 13, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30806 · High · Apr 13, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30808 · High · May 12, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800

  • CVE-2018-11222 · High · Jun 16, 2018
    risk 0.49 · cvss 7.5 · epss 0.06

    Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.

  • CVE-2026-34188 · High · Apr 13, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30804 · High · Apr 13, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

  • CVE-2017-15935 · High · Oct 27, 2017
    risk 0.47 · cvss 7.2 · epss 0.03

    Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

  • CVE-2026-30811 · Medium · Apr 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

  • CVE-2017-15937 · Medium · Oct 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).

  • CVE-2026-30812 · Medium · Apr 13, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800

  • CVE-2018-11223 · Medium · Jun 16, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.

  • CVE-2017-15936 · Medium · Oct 27, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed.

  • CVE-2017-15934 · Medium · Oct 27, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.

  • CVE-2020-13851 · Jun 11, 2020
    risk 0.11 · cvss · epss 0.91

    Artica Pandora FMS 7.44 allows remote command execution via the events feature.

  • CVE-2020-17505 · Aug 12, 2020
    risk 0.10 · cvss · epss 0.82

    Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.

  • CVE-2020-17506 · Aug 12, 2020
    risk 0.10 · cvss · epss 0.94

    Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.

  • CVE-2025-34088 · Jul 3, 2025
    risk 0.09 · cvss · epss 0.05

    An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as…

  • CVE-2010-4279 · Dec 2, 2010
    risk 0.08 · cvss · epss 0.66

    The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash…

  • CVE-2020-13158 · Jun 22, 2020
    risk 0.07 · cvss · epss 0.54

    Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.

  • CVE-2021-32099 · May 7, 2021
    risk 0.05 · cvss · epss 0.11

    A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.

  • CVE-2010-4282 · Dec 2, 2010
    risk 0.05 · cvss · epss 0.20

    Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and…

  • CVE-2020-8947 · Feb 12, 2020
    risk 0.04 · cvss · epss 0.22

    functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.

  • CVE-2010-4283 · Dec 2, 2010
    risk 0.04 · cvss · epss 0.09

    PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.

  • CVE-2010-4281 · Dec 2, 2010
    risk 0.04 · cvss · epss 0.10

    Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.

  • CVE-2010-4278 · Dec 2, 2010
    risk 0.04 · cvss · epss 0.11

    operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.

  • CVE-2018-19829 · Dec 18, 2018
    risk 0.03 · cvss · epss 0.02

    Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.

  • CVE-2018-19828 · Dec 17, 2018
    risk 0.03 · cvss · epss 0.02

    Artica Integria IMS 5.0.83 has XSS via the search_string parameter.

  • CVE-2010-4280 · Dec 2, 2010
    risk 0.03 · cvss · epss 0.05

    Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an…

  • CVE-2020-15051 · Jul 15, 2020
    risk 0.02 · cvss · epss 0.02

    An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.

  • CVE-2020-13852 · Jun 11, 2020
    risk 0.02 · cvss · epss 0.28

    Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.

  • CVE-2020-13855 · Jun 11, 2020
    risk 0.02 · cvss · epss 0.28

    Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.

  • CVE-2020-8497 · Mar 23, 2020
    risk 0.02 · cvss · epss 0.05

    In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.

  • CVE-2021-41739 · May 5, 2022
    risk 0.01 · cvss · epss 0.03

    An OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp.

  • CVE-2020-15053 · Jul 20, 2020
    risk 0.01 · cvss · epss 0.02

    An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects.

  • CVE-2020-15052 · Jul 20, 2020
    risk 0.01 · cvss · epss 0.02

    An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.

  • CVE-2020-10818 · Mar 22, 2020
    risk 0.01 · cvss · epss 0.03

    Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.

  • CVE-2024-2056 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.17

    Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security…

  • CVE-2024-2055 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.

  • CVE-2022-45436 · Feb 15, 2023
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user, create a network map containing name as xss payload. Once…

  • CVE-2022-37153 · Aug 24, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Artica Proxy 4.30.000000. There is an XSS vulnerability via the password parameter in /fw.login.php.

  • CVE-2021-40680 · Apr 25, 2022
    risk 0.00 · cvss · epss 0.01

    There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.

  • CVE-2021-36697 · Nov 3, 2021
    risk 0.00 · cvss · epss 0.00

    With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be…

  • CVE-2021-3834 · Oct 7, 2021
    risk 0.00 · cvss · epss 0.01

    Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).

Page 1 of 2