Pandora 漏洞列表
共找到 16 个与 Pandora 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2019-20224: PandoraFMS v7.0NG Post-auth Remote Code Execution POC
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. Fofa: app="PANDORAFMS-产品" -
CVE-2018-11222: Pandora FMS <=7.0NG.722 - Remote Code Execution POC
Pandora FMS versions <=7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload (CVE-2018-11221) and a local file inclusion (CVE-2018-11222). An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of the server. -
CVE-2019-20224: Pandora FMS 7.0NG - Remote Command Injection POC
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. -
CVE-2020-13851: Artica Pandora FMS 7.44 - Remote Code Execution POC
Artica Pandora FMS 7.44 allows remote command execution via the events feature. -
CVE-2020-8497: Artica Pandora FMS <=7.42 - Arbitrary File Read POC
Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. -
CVE-2024-11320: Pandora v7.0NG.777.3 - Remote Code Execution POC
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.This issue affects Pandora FMS- from 700 through <=777.4 -
CVE-2018-11222: Pandora FMS <=7.0NG.722 - Remote Code Execution POC
Pandora FMS versions <=7.0NG.722 are vulnerable to unauthenticated remote code execution by chaining an unrestricted file upload (CVE-2018-11221) and a local file inclusion (CVE-2018-11222). An attacker can upload a malicious PHP file as a plugin and execute it via LFI, leading to full compromise of the server. -
CVE-2019-20224: Pandora FMS 7.0NG - Remote Command Injection POC
Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. -
CVE-2020-13851: Artica Pandora FMS 7.44 - Remote Code Execution POC
Artica Pandora FMS 7.44 allows remote command execution via the events feature. -
CVE-2020-8497: Artica Pandora FMS <=7.42 - Arbitrary File Read POC
Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. -
CVE-2024-11320: Pandora v7.0NG.777.3 - Remote Code Execution POC
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.This issue affects Pandora FMS- from 700 through <=777.4 -
pandora-fms-installer: Pandora FMS Installation Page - Exposure POC
Detects exposed Pandora FMS installation page. -
PandoraFMS upload_head_image.php 任意文件上传漏洞 无POC
PandoraFMS中存在任意文件上传漏洞,此漏洞是由于未充分验证用户输入upload_head_image.php的数据所导致的。 -
PandoraFMS 软件sql注入漏洞 无POC
PandoraFMS是美国PandoraFMS的一个应用软件。提供一个监控功能。Pandora FMS监控软件存在SQL注入漏洞,攻击者通过chartgenerator,php 来执行恶意语句,获取数据库敏感信息。 -
Artica Pandora FMS未授权访问(CVE-2020-8497) 无POC
Artica Pandora FMS是西班牙Artica公司的一套监控系统,在 Artica Pandora FMS 到 7.42中,未经身份验证的攻击者可以读取聊天记录。该文件采用 JSON 格式,包含用户名、用户 ID、私人消息和时间戳。 -
Artica Pandora FMS upload_head_image.php 任意文件上传漏洞 无POC
PandoraFMS是美国pandorafms的一个应用软件。提供一个监控功能。 PandoraFMS 存在安全漏洞,该漏洞源于PandoraFMS <=7.54允许任意文件上传。攻击者可利用该漏洞通过文件管理器远程执行命令。