Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
Max CVSS
7.5
EPSS Score
0.93%
Published
2013-12-19
Updated
2014-03-06
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
Max CVSS
3.5
EPSS Score
1.07%
Published
2013-10-01
Updated
2014-05-10
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
Max CVSS
5.0
EPSS Score
0.71%
Published
2013-12-14
Updated
2013-12-16
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!