Vulnerabilities (CVE)

Vendor filter

Zabbix Subscribe

Product filter

Zabbix Subscribe

Filter

36 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17382 1 Zabbix 1 Zabbix 2019-10-16 6.4
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any...
CVE-2017-2825 2 Debian, Zabbix 2 Debian Linux, Zabbix 2019-10-03 6.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an...
CVE-2017-2824 1 Zabbix 1 Zabbix 2019-10-03 6.8
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests...
CVE-2019-15132 1 Zabbix 1 Zabbix 2019-08-29 5.0
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for...
CVE-2016-10742 2 Zabbix, Debian 2 Zabbix, Debian Linux 2019-03-13 5.8
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
CVE-2017-2826 2 Zabbix, Debian 2 Zabbix, Debian Linux 2019-03-13 4.3
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in...
CVE-2008-1353 1 Zabbix 1 Zabbix 2018-10-11 4.3
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
CVE-2010-5049 1 Zabbix 1 Zabbix 2018-10-10 7.5
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
CVE-2010-1277 1 Zabbix 1 Zabbix 2018-10-10 7.5
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.
CVE-2016-4338 1 Zabbix 1 Zabbix 2018-10-09 6.8
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute...
CVE-2014-3005 2 Zabbix, Fedoraproject 2 Zabbix, Fedora 2018-02-21 7.5
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted...
CVE-2016-10134 1 Zabbix 1 Zabbix 2017-11-04 7.5
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2012-3435 1 Zabbix 1 Zabbix 2017-08-29 7.5
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2011-4674 1 Zabbix 1 Zabbix 2017-08-29 7.5
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
CVE-2011-4615 1 Zabbix 1 Zabbix 2017-08-29 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action...
CVE-2011-3265 1 Zabbix 1 Zabbix 2017-08-29 5.0
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
CVE-2011-3264 1 Zabbix 1 Zabbix 2017-08-29 5.0
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
CVE-2011-3263 1 Zabbix 1 Zabbix 2017-08-29 5.0
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
CVE-2011-2904 1 Zabbix 1 Zabbix 2017-08-29 4.3
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
CVE-2010-2790 1 Zabbix 1 Zabbix 2017-08-17 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2)...