Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
Max CVSS
7.5
EPSS Score
0.93%
Published
2013-12-19
Updated
2014-03-06
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
Max CVSS
3.5
EPSS Score
1.07%
Published
2013-10-01
Updated
2014-05-10
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.
Max CVSS
5.0
EPSS Score
0.71%
Published
2013-12-14
Updated
2013-12-16
3 vulnerabilities found