Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-11749

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.

CVE
#xss#vulnerability#apache#rce#pdf

%PDF-1.7 %���� 196 0 obj <> endobj xref 196 119 0000000016 00000 n 0000003593 00000 n 0000003780 00000 n 0000003816 00000 n 0000005074 00000 n 0000005213 00000 n 0000005352 00000 n 0000005491 00000 n 0000005630 00000 n 0000005769 00000 n 0000005907 00000 n 0000006046 00000 n 0000006185 00000 n 0000006321 00000 n 0000006458 00000 n 0000006595 00000 n 0000006732 00000 n 0000006869 00000 n 0000007006 00000 n 0000007143 00000 n 0000007280 00000 n 0000007413 00000 n 0000008058 00000 n 0000008615 00000 n 0000009082 00000 n 0000009790 00000 n 0000009827 00000 n 0000009875 00000 n 0000009923 00000 n 0000009971 00000 n 0000010244 00000 n 0000010358 00000 n 0000010474 00000 n 0000011020 00000 n 0000011274 00000 n 0000011812 00000 n 0000012072 00000 n 0000012099 00000 n 0000012574 00000 n 0000013394 00000 n 0000014081 00000 n 0000014899 00000 n 0000015841 00000 n 0000016572 00000 n 0000017378 00000 n 0000017722 00000 n 0000017864 00000 n 0000017891 00000 n 0000018729 00000 n 0000019302 00000 n 0000029694 00000 n 0000040931 00000 n 0000041043 00000 n 0000041113 00000 n 0000050099 00000 n 0000052749 00000 n 0000052866 00000 n 0000053367 00000 n 0000053437 00000 n 0000053532 00000 n 0000058971 00000 n 0000059258 00000 n 0000059479 00000 n 0000059747 00000 n 0000069960 00000 n 0000070444 00000 n 0000070837 00000 n 0000071197 00000 n 0000071321 00000 n 0000071352 00000 n 0000071427 00000 n 0000077615 00000 n 0000077946 00000 n 0000078012 00000 n 0000078128 00000 n 0000078203 00000 n 0000079017 00000 n 0000079065 00000 n 0000081878 00000 n 0000875323 00000 n 0000875797 00000 n 0000875872 00000 n 0000876224 00000 n 0000876299 00000 n 0000876601 00000 n 0000877428 00000 n 0001013417 00000 n 0001014244 00000 n 0001015071 00000 n 0001017693 00000 n 0001019020 00000 n 0001019847 00000 n 0001020674 00000 n 0001023175 00000 n 0001024271 00000 n 0001025098 00000 n 0001025925 00000 n 0001028117 00000 n 0001028977 00000 n 0001029804 00000 n 0001030631 00000 n 0001047667 00000 n 0001098851 00000 n 0001098918 00000 n 0001098994 00000 n 0001099084 00000 n 0001099168 00000 n 0001099252 00000 n 0001099342 00000 n 0001099418 00000 n 0001099472 00000 n 0001099526 00000 n 0001099580 00000 n 0001099634 00000 n 0001099688 00000 n 0001099742 00000 n 0001099796 00000 n 0001099850 00000 n 0000002676 00000 n trailer <<51BFC921553EBF42846B756AEC3852CC>]/Prev 1768820>> startxref 0 %%EOF 314 0 obj <>stream hތTMlU�ޮ���j��k ���H����9��v �K=PU�P9 !�qH# �Kg;x�f�6q�ho�JUA� C[��p��!�DNH!��@�"i�������>=-�n�O��_@��&�N|����&�/�z���W�R�q"���u"��������O�?,�&՚\פ���xh�R���h�2��lf浥������ܬ�p�)��b�V%xR��k�<%���u;=m���Yc>;WΌ.3�ꞡ�\Ӥj=�R� R)�iK7�~ ���\ٝG��T0��J�!�CZ"P)YF6��.�ڼy�����Q9�� �F �I�P�bd3��G���mq���p��M�Pۄyk�JWO[�F�ĊI$��pE�z��Ф�-U29��0��^����ƅ$o��R  �����e����:Ǻ��m��>��۶v*�3E���t��#���<�(�] ��G��ة�|>���Nu�Y�� 3�Z��ã|��#�/o����%�S;�T;���$�7w���"�*��!�`����]S8 u �!�����LO�sJ<��}�6p�K7 M�>h���.n�Ě�oL� c��SD=6����`���� �Ds{����&��Rv�; � E`AT��lGo5}���q���7��5&�-���q�~҃]�۩�;Cj€�)���yt��L���1<�dj���A���gv�cO!R7� ��7���N��!uI�����|���DX’}I�{a�E����_�hQz�N=�A���B䧽휽C�MD~����S��u)� endstream endobj 197 0 obj <>>> endobj 198 0 obj <> endobj 199 0 obj </LastModified/NumberofPages 1/OriginalDocumentID/PageUIDList<>/PageWidthList<>>>>>/Resources<>/ExtGState<>/Font<>/ProcSet[/PDF/Text/ImageC/ImageI]/XObject<>>>/Rotate 0/Tabs/W/Thumb 183 0 R/TrimBox[0.0 0.0 595.276 841.89]/Type/Page>> endobj 200 0 obj [201 0 R 202 0 R 203 0 R 204 0 R 205 0 R 206 0 R 207 0 R 208 0 R 209 0 R 210 0 R 211 0 R 212 0 R 213 0 R 214 0 R 215 0 R] endobj 201 0 obj <>/Border[0 0 0]/H/N/Rect[474.569 39.0371 559.276 25.4189]/Subtype/Link/Type/Annot>> endobj 202 0 obj <>/Border[0 0 0]/H/N/Rect[105.874 166.509 134.883 137.899]/Subtype/Link/Type/Annot>> endobj 203 0 obj <>/Border[0 0 0]/H/N/Rect[71.1821 166.509 100.191 137.899]/Subtype/Link/Type/Annot>> endobj 204 0 obj <>/Border[0 0 0]/H/N/Rect[36.4897 166.509 65.4988 137.899]/Subtype/Link/Type/Annot>> endobj 205 0 obj <>/Border[0 0 0]/H/N/Rect[47.544 125.721 132.883 116.489]/Subtype/Link/Type/Annot>> endobj 206 0 obj <>/Border[0 0 0]/H/N/Rect[18.7889 113.721 132.883 104.489]/Subtype/Link/Type/Annot>> endobj 207 0 obj <>/Border[0 0 0]/H/N/Rect[88.0212 101.721 132.883 92.4888]/Subtype/Link/Type/Annot>> endobj 208 0 obj <>/Border[0 0 0]/H/N/Rect[328.632 611.53 330.61 599.55]/Subtype/Link/Type/Annot>> endobj 209 0 obj <>/Border[0 0 0]/H/N/Rect[192.331 591.53 313.576 579.55]/Subtype/Link/Type/Annot>> endobj 210 0 obj <>/Border[0 0 0]/H/N/Rect[323.719 571.53 325.697 559.55]/Subtype/Link/Type/Annot>> endobj 211 0 obj <>/Border[0 0 0]/H/N/Rect[275.905 551.53 277.883 539.55]/Subtype/Link/Type/Annot>> endobj 212 0 obj <>/Border[0 0 0]/H/N/Rect[467.209 611.53 469.187 599.55]/Subtype/Link/Type/Annot>> endobj 213 0 obj <>/Border[0 0 0]/H/N/Rect[508.326 591.53 510.304 579.55]/Subtype/Link/Type/Annot>> endobj 214 0 obj <>/Border[0 0 0]/H/N/Rect[428.843 571.53 430.821 559.55]/Subtype/Link/Type/Annot>> endobj 215 0 obj <>/Border[0 0 0]/H/N/Rect[440.859 551.53 442.837 539.55]/Subtype/Link/Type/Annot>> endobj 216 0 obj <> endobj 217 0 obj <>stream H�\��n�0F�y /�E�ľ� !Q�J,�G��@b:���t�ۏ���A���k�9�-���]�M��>^�}�̩��1^/oc�1�v}Q[�v�4���9��L����ϻ�t)V+S�H��4��ݦ��}Q~�8v������ߛr�6 �9����zm�xJ��0|=��)�]���t{Hw>O�� �؜k`�K�á���ŪJ��Y��׺�}��<,�v<5�c>����:%[mR�U�]��#��GfO̶̖�g�#�ħ��{uMz&Y� W��T��dI��H�$�IIK�’mH���[�0r%͜69Y�2 �@f!�,d��L �� d2��B&�Y�2 ��,�+��hWh�ѮЮ�]�]����p��`��}z��R�V���J�rX)V+��a�X9�+G��� � ��<4,�xX���aX<,���H�xX��2� }{��mϳ-��i_i�ӾҾ�}��c��h_� �)~?�/��������S�~�_�O� �)~!��9��������������Y��9�7�����μ]��Oڒ�c�5o��Z^�y��o����v� &�z!E endstream endobj 218 0 obj <> endobj 219 0 obj <> endobj 220 0 obj <> endobj 221 0 obj [/ICCBased 250 0 R] endobj 222 0 obj [/Indexed 221 0 R 169 260 0 R] endobj 223 0 obj [/Indexed 221 0 R 127 261 0 R] endobj 224 0 obj [/Indexed 221 0 R 119 262 0 R] endobj 225 0 obj <> endobj 226 0 obj <> endobj 227 0 obj <> endobj 228 0 obj <>stream H�\��j�0��~ -�EqbK3-�@�4�E�i������Fqy�����!�g�9�F���v� �h��7;?�C����%6���� ټ0m׌?O�s��,OŻ�y��m8�YU��_<��jn�m���Y�[�p47�ݭ�w�a��’F33��i�!=��K}�&���m���]��{��:xSL�s�4}��C��X��ϪY��ڤk����7����泎YU���,�ߓ����?����-Q[��spA.�%�[�;� Y�JV0}J���)�c9�ż�������������9v�Y��`�hѣe�=:��0��\s9��Ћc�C�c�C�pMk"�� k�Bg���Y�,�d �A��|���/�G�#xE^�ٗ�/a_��dCN��R���Q�pV~G�wT�+��� ���_��W�+��� ���_���0?ݰiv’�o:e��l4�ӱ���tp��O��&U�} 0�� endstream endobj 229 0 obj <> endobj 230 0 obj <>stream H�\�Qk�@���+�}(�d���`��-������$������V�|!sO�#3�f������44�8�c׷)^�kj�;�S�g�µ]3}�Ϳ͹�܆���ϻ�8dU����2���[��!�g�{jc�������߻|ǿ���-�j��x����V���籇]kϻ��`3�+~����~I�fh�e������ja���^���b���<�;�?uʪ� ����!o�/���K�/ r�dV���䵱_�lc�z�z��㽞99>�X�f�G�$?���O�g�3�]<��-y f/�^��lZ�1�c�g�g�g�g�g�g�g�g�g�g�g������0S�)�d 3��LA�0S�)̔9��݅�݅�݅�݅�݅�݅�ݕ�ݕ� O���S��Tz*<�� O���S�pS��`s~�BlS;M�� 4הl��Gn����]�N�8�Φ��� 0Y��{ endstream endobj 231 0 obj <> endobj 232 0 obj [252 0 R] endobj 233 0 obj <>stream H�\��n�0E�|������0�H(R��R}�i?���"59d���\n�JE˞�<�z�نvp�k��ܡ M���k���؆d���������OU�����چC���K�l�<ī��o���Mҗ��؆���X�n]�����?�0��-���K�T���ɻt ��6���;����~������2u��s_�>V��2�g��G{��Ϳ��a�C�YṮ̌9�l0~ ?�&#�`<%O�� Y�s��&�����3�/xn�s �/����g`%���G�#993V+�� =�BO��0��9�,p�y^�W`�"�EX��a-�Z�l?�T֥�K��Tz*<�� O���S��Tz*<�� ���Y��+��s��r�L��O�%Fk��}�B����vx��΢�&� rC�x endstream endobj 234 0 obj <>stream H��TMo�0 ����:�ѧ-E�&]� kСz�!H�.]�q�`��#e9v�v�%��|O�J^"�3��3�Z������`�D�O��_FW��:���� .q9��62�2 �T&��Y� %�� �L��H�K �gi&��\���Fӎ|\D� �Z4�S�~s��+s �,6�QQ`("�G\��S(�V� Eųr�|��-�o��,��u�\��]Ê�{C�Z��m焧�( �}DϡTj�ˉ�>�2 q�$��,Az�� ��5�i{�-��d���%ܲ�p�����~s��D�;��=<)�8D���2�w��%4,�^� q� ��������Ė�Kl* �z��^|FsDf��;����,��E�[�i��=8o����T|;���c���BUoV�z��<�|��� ����|~���� �Yջr�\������4@دv?� ��G�u��x������ ��="�:�����s�pY���\�’��r�x�� �$�?"w!�qꢭ?��҈w��a?�!�p�����c��C���wzeGgԦO�A��ˠɴ

Related news

CVE-2022-2059: Pandora FMS Common Vulnerabilities and Exposures

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907