VYPR

Vendor CVEs

Artica

All CVEs

66 total · sorted by risk
  • CVE-2021-3833Oct 7, 2021
    risk 0.00cvss epss 0.01

    Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with…

  • CVE-2021-3832Oct 7, 2021
    risk 0.00cvss epss 0.02

    Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

  • CVE-2021-34075Jun 30, 2021
    risk 0.00cvss epss 0.01

    In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.

  • CVE-2021-32098May 7, 2021
    risk 0.00cvss epss 0.02

    Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.

  • CVE-2021-32100May 7, 2021
    risk 0.00cvss epss 0.03

    A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.

  • CVE-2020-26518Oct 2, 2020
    risk 0.00cvss epss 0.02

    Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.

  • CVE-2020-13853Jun 11, 2020
    risk 0.00cvss epss 0.01

    Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.

  • CVE-2020-13854Jun 11, 2020
    risk 0.00cvss epss 0.03

    Artica Pandora FMS 7.44 allows privilege escalation.

  • CVE-2020-13850Jun 11, 2020
    risk 0.00cvss epss 0.02

    Artica Pandora FMS 7.44 has inadequate access controls on a web folder.

  • CVE-2020-8511Mar 23, 2020
    risk 0.00cvss epss 0.03

    In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.

  • CVE-2020-7935Mar 23, 2020
    risk 0.00cvss epss 0.03

    Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The…

  • CVE-2020-8500Mar 2, 2020
    risk 0.00cvss epss 0.04

    In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality

  • CVE-2019-15091Aug 16, 2019
    risk 0.00cvss epss 0.02

    filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.

  • CVE-2019-13035Jun 29, 2019
    risk 0.00cvss epss 0.00

    Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the…

  • CVE-2019-7300Feb 1, 2019
    risk 0.00cvss epss 0.03

    Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary commands as root by reading the ressources/settings.inc ldap_admin and ldap_password fields, using these credentials at logon.php, and then entering the commands in the admin.index.php command-line field.

  • CVE-2018-1000812Dec 20, 2018
    risk 0.00cvss epss 0.02

    Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user…

Page 2 of 2