Vulnerabilities (CVE)

Vendor filter

Zabbix Subscribe

Product filter

Zabbix Subscribe

Filter

22 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17382 1 Zabbix 1 Zabbix 2019-10-16 6.4
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any...
CVE-2017-2824 1 Zabbix 1 Zabbix 2019-10-03 6.8
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests...
CVE-2017-2825 2 Debian, Zabbix 2 Debian Linux, Zabbix 2019-10-03 6.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an...
CVE-2019-15132 1 Zabbix 1 Zabbix 2019-08-29 5.0
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for...
CVE-2016-10742 2 Zabbix, Debian 2 Zabbix, Debian Linux 2019-03-13 5.8
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
CVE-2017-2826 2 Zabbix, Debian 2 Zabbix, Debian Linux 2019-03-13 4.3
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in...
CVE-2008-1353 1 Zabbix 1 Zabbix 2018-10-11 4.3
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
CVE-2016-4338 1 Zabbix 1 Zabbix 2018-10-09 6.8
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute...
CVE-2011-4615 1 Zabbix 1 Zabbix 2017-08-29 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action...
CVE-2011-3265 1 Zabbix 1 Zabbix 2017-08-29 5.0
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
CVE-2011-3264 1 Zabbix 1 Zabbix 2017-08-29 5.0
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
CVE-2011-3263 1 Zabbix 1 Zabbix 2017-08-29 5.0
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
CVE-2011-2904 1 Zabbix 1 Zabbix 2017-08-29 4.3
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
CVE-2010-2790 1 Zabbix 1 Zabbix 2017-08-17 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2)...
CVE-2012-6086 1 Zabbix 1 Zabbix 2016-08-18 4.3
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an...
CVE-2014-1685 2 Zabbix, Fedoraproject 2 Fedora, Zabbix 2014-05-09 5.5
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
CVE-2014-1682 2 Zabbix, Fedoraproject 2 Fedora, Zabbix 2014-05-09 4.0
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
CVE-2013-1364 1 Zabbix 1 Zabbix 2013-12-16 5.0
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
CVE-2011-5027 1 Zabbix 1 Zabbix 2012-02-01 4.3
Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.
CVE-2009-4498 1 Zabbix 1 Zabbix 2010-05-25 6.8
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.