← Back

Pandorafms

pandorafms

48 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Pandora Fms
pandora_fms
46 CVEs
Pandora Flexible Monitoring System
pandora_flexible_monitoring_system
1 CVE
Artica Pandora Fms
artica_pandora_fms
1 CVE

CVEs (48)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13853
1Pandorafms
1Pandora Fms
Nov 21, 2024
Jun 11, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVE-2020-13852
1Pandorafms
1Pandora Fms
Nov 21, 2024
Jun 11, 2020
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVE-2020-13851
1Pandorafms
1Pandora Fms
Nov 21, 2024
Jun 11, 2020
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVE-2020-13850
1Pandorafms
1Pandora Fms
Nov 21, 2024
Jun 11, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVE-2019-19968
1Pandorafms
1Pandora Fms
Nov 21, 2024
Feb 4, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later r...Show more
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.Show less
CVE-2019-13035
1Pandorafms
1Pandora Fms
Nov 21, 2024
Jun 29, 2019
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service htt...Show more
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.Show less
CVE-2018-11223
1Pandorafms
1Artica Pandora Fms
Nov 21, 2024
Jun 16, 2018
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.
CVE-2014-8629
1Pandorafms
1Pandora Flexible Monitoring System
May 6, 2026
Nov 19, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.