Vulnerabilities (CVE)

Vendor filter

Zabbix Subscribe

Filter

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-5049 1 Zabbix 1 Zabbix 2018-10-10 7.5
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
CVE-2010-1277 1 Zabbix 1 Zabbix 2018-10-10 7.5
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
CVE-2014-3005 2 Zabbix, Fedoraproject 2 Zabbix, Fedora 2018-02-21 7.5
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted...
CVE-2016-10134 1 Zabbix 1 Zabbix 2017-11-04 7.5
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2012-3435 1 Zabbix 1 Zabbix 2017-08-29 7.5
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2011-4674 1 Zabbix 1 Zabbix 2017-08-29 7.5
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
CVE-2007-0640 1 Zabbix 1 Zabbix 2017-07-29 10.0
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
CVE-2014-9450 1 Zabbix 1 Zabbix 2015-01-06 7.5
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
CVE-2013-6824 1 Zabbix 1 Zabbix 2014-03-06 7.5
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
CVE-2006-6693 1 Zabbix 1 Zabbix 2011-03-08 7.5
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.
CVE-2006-6692 1 Zabbix 1 Zabbix 2011-03-08 7.5
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system...
CVE-2009-4499 1 Zabbix 1 Zabbix 2010-02-02 7.5
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the...
CVE-2009-4502 1 Zabbix 1 Zabbix 2010-01-01 9.3
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to...