Download
| Alert*
oval:org.secpod.oval:def:2000044
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. oval:org.secpod.oval:def:1900920 Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. oval:org.secpod.oval:def:602798 An SQL injection vulnerability has been discovered in the "Latest data" page of the web frontend of the Zabbix network monitoring system oval:org.secpod.oval:def:601623 zabbix-agent is installed oval:org.secpod.oval:def:601512 zabbix-agent is installed oval:org.secpod.oval:def:600877 It was discovered that Zabbix, a network monitoring solution, does not properly validate user input used as a part of an SQL query. This may allow unauthenticated attackers to execute arbitrary SQL commands and possibly escalate privileges. oval:org.secpod.oval:def:1900325 In the trapper functionality of zabbix-agent Server 2.4.x, specifically crafted trapper packets can pass database logic checks, result ing in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active zabbix-agent proxy and Server to trigger t ... oval:org.secpod.oval:def:603040 Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies. oval:org.secpod.oval:def:1901206 An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from ... oval:org.secpod.oval:def:1900331 An exploitable code execution vulnerability exists in the trapper command functionality of zabbix-agent Server 2.4.X. A specially crafted set of packet scan cause a command injection result ing in remote code execution. An attacker can make requests from an active zabbix-agent Proxy to trigger this ... oval:org.secpod.oval:def:708901 zabbix: Open-source monitoring software tool for diverse IT components Zabbix could allow reflected cross-site scripting attacks. |