Vendor CVEs
Artica
All CVEs
66 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3833 | 0.00 | — | 0.01 | Oct 7, 2021 | Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with… | |||
| CVE-2021-3832 | 0.00 | — | 0.02 | Oct 7, 2021 | Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability. | |||
| CVE-2021-34075 | 0.00 | — | 0.01 | Jun 30, 2021 | In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | |||
| CVE-2021-32098 | 0.00 | — | 0.02 | May 7, 2021 | Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. | |||
| CVE-2021-32100 | 0.00 | — | 0.03 | May 7, 2021 | A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user. | |||
| CVE-2020-26518 | 0.00 | — | 0.02 | Oct 2, 2020 | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | |||
| CVE-2020-13853 | 0.00 | — | 0.01 | Jun 11, 2020 | Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | |||
| CVE-2020-13854 | 0.00 | — | 0.03 | Jun 11, 2020 | Artica Pandora FMS 7.44 allows privilege escalation. | |||
| CVE-2020-13850 | 0.00 | — | 0.02 | Jun 11, 2020 | Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | |||
| CVE-2020-8511 | 0.00 | — | 0.03 | Mar 23, 2020 | In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | |||
| CVE-2020-7935 | 0.00 | — | 0.03 | Mar 23, 2020 | Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The… | |||
| CVE-2020-8500 | 0.00 | — | 0.04 | Mar 2, 2020 | In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality | |||
| CVE-2019-15091 | 0.00 | — | 0.02 | Aug 16, 2019 | filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | |||
| CVE-2019-13035 | 0.00 | — | 0.00 | Jun 29, 2019 | Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the… | |||
| CVE-2019-7300 | 0.00 | — | 0.03 | Feb 1, 2019 | Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field. | |||
| CVE-2018-1000812 | 0.00 | — | 0.02 | Dec 20, 2018 | Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user… |
- CVE-2021-3833Oct 7, 2021risk 0.00cvss —epss 0.01
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with…
- CVE-2021-3832Oct 7, 2021risk 0.00cvss —epss 0.02
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.
- CVE-2021-34075Jun 30, 2021risk 0.00cvss —epss 0.01
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
- CVE-2021-32098May 7, 2021risk 0.00cvss —epss 0.02
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
- CVE-2021-32100May 7, 2021risk 0.00cvss —epss 0.03
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
- CVE-2020-26518Oct 2, 2020risk 0.00cvss —epss 0.02
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
- CVE-2020-13853Jun 11, 2020risk 0.00cvss —epss 0.01
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
- CVE-2020-13854Jun 11, 2020risk 0.00cvss —epss 0.03
Artica Pandora FMS 7.44 allows privilege escalation.
- CVE-2020-13850Jun 11, 2020risk 0.00cvss —epss 0.02
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
- CVE-2020-8511Mar 23, 2020risk 0.00cvss —epss 0.03
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
- CVE-2020-7935Mar 23, 2020risk 0.00cvss —epss 0.03
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The…
- CVE-2020-8500Mar 2, 2020risk 0.00cvss —epss 0.04
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality
- CVE-2019-15091Aug 16, 2019risk 0.00cvss —epss 0.02
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
- CVE-2019-13035Jun 29, 2019risk 0.00cvss —epss 0.00
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the…
- CVE-2019-7300Feb 1, 2019risk 0.00cvss —epss 0.03
Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.
- CVE-2018-1000812Dec 20, 2018risk 0.00cvss —epss 0.02
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user…
Page 2 of 2