Search criteria
12 vulnerabilities found for zenoss by zenoss
CVE-2019-14258 (GCVE-0-2019-14258)
Vulnerability from nvd – Published: 2019-08-21 18:33 – Updated: 2024-08-05 00:12
VLAI?
Summary
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:33:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coalfire.com/The-Coalfire-Blog",
"refsource": "MISC",
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"name": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test",
"refsource": "CONFIRM",
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14258",
"datePublished": "2019-08-21T18:33:52.000Z",
"dateReserved": "2019-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14257 (GCVE-0-2019-14257)
Vulnerability from nvd – Published: 2019-08-21 18:35 – Updated: 2024-08-05 00:12
VLAI?
Summary
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:35:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coalfire.com/The-Coalfire-Blog",
"refsource": "MISC",
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"name": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test",
"refsource": "CONFIRM",
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14257",
"datePublished": "2019-08-21T18:35:35.000Z",
"dateReserved": "2019-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3739 (GCVE-0-2014-3739)
Vulnerability from nvd – Published: 2014-05-20 14:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-20T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "https://www.youtube.com/watch?v=wtmdsz24evo",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3739",
"datePublished": "2014-05-20T14:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3738 (GCVE-0-2014-3738)
Vulnerability from nvd – Published: 2014-05-20 14:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"name": "https://www.youtube.com/watch?v=wtmdsz24evo",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"name": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3738",
"datePublished": "2014-05-20T14:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0713 (GCVE-0-2010-0713)
Vulnerability from nvd – Published: 2010-02-26 17:03 – Updated: 2024-08-07 00:59
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2010-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37843"
},
{
"name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"refsource": "OSVDB",
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource": "CONFIRM",
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0713",
"datePublished": "2010-02-26T17:03:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0712 (GCVE-0-2010-0712)
Vulnerability from nvd – Published: 2010-02-26 17:03 – Updated: 2024-08-07 00:59
VLAI?
Summary
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2010-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.zenoss.org/trac/changeset/15257",
"refsource": "MISC",
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"refsource": "OSVDB",
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37802"
},
{
"name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource": "CONFIRM",
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0712",
"datePublished": "2010-02-26T17:03:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14257 (GCVE-0-2019-14257)
Vulnerability from cvelistv5 – Published: 2019-08-21 18:35 – Updated: 2024-08-05 00:12
VLAI?
Summary
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:35:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coalfire.com/The-Coalfire-Blog",
"refsource": "MISC",
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"name": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test",
"refsource": "CONFIRM",
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14257",
"datePublished": "2019-08-21T18:35:35.000Z",
"dateReserved": "2019-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14258 (GCVE-0-2019-14258)
Vulnerability from cvelistv5 – Published: 2019-08-21 18:33 – Updated: 2024-08-05 00:12
VLAI?
Summary
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:12:43.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:33:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coalfire.com/The-Coalfire-Blog",
"refsource": "MISC",
"url": "https://www.coalfire.com/The-Coalfire-Blog"
},
{
"name": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test",
"refsource": "CONFIRM",
"url": "https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14258",
"datePublished": "2019-08-21T18:33:52.000Z",
"dateReserved": "2019-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:12:43.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3739 (GCVE-0-2014-3739)
Vulnerability from cvelistv5 – Published: 2014-05-20 14:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-20T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "https://www.youtube.com/watch?v=wtmdsz24evo",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3739",
"datePublished": "2014-05-20T14:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3738 (GCVE-0-2014-3738)
Vulnerability from cvelistv5 – Published: 2014-05-20 14:00 – Updated: 2024-08-06 10:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T18:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "67396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "67396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67396"
},
{
"name": "[oss-security] 20140514 Re: Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/15/5"
},
{
"name": "34165",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34165"
},
{
"name": "https://www.youtube.com/watch?v=wtmdsz24evo",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=wtmdsz24evo"
},
{
"name": "[oss-security] 20140514 Zenoss Open Source monitoring System - Open Redirect \u0026 Stored XSS Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/5"
},
{
"name": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127623/Zenoss-Monitoring-System-4.2.5-2108-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3738",
"datePublished": "2014-05-20T14:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:17.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0713 (GCVE-0-2010-0713)
Vulnerability from cvelistv5 – Published: 2010-02-26 17:03 – Updated: 2024-08-07 00:59
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2010-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37843",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37843"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37843",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37843"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37843"
},
{
"name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-002-zenoss-multiple-admin-csrf/"
},
{
"name": "61805",
"refsource": "OSVDB",
"url": "http://osvdb.org/61805"
},
{
"name": "20100116 Zenoss Multiple Admin CSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508982/100/0/threaded"
},
{
"name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource": "CONFIRM",
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "38195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0713",
"datePublished": "2010-02-26T17:03:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0712 (GCVE-0-2010-0712)
Vulnerability from cvelistv5 – Published: 2010-02-26 17:03 – Updated: 2024-08-07 00:59
VLAI?
Summary
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Date Public ?
2010-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38195"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38195"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.zenoss.org/trac/changeset/15257",
"refsource": "MISC",
"url": "http://dev.zenoss.org/trac/changeset/15257"
},
{
"name": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2010/01/14/ngenuity-2010-001-zenoss-getjsoneventsinfo-sql-injection/"
},
{
"name": "61804",
"refsource": "OSVDB",
"url": "http://osvdb.org/61804"
},
{
"name": "37802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37802"
},
{
"name": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html",
"refsource": "CONFIRM",
"url": "http://www.zenoss.com/news/SQL-Injection-and-Cross-Site-Forgery-in-Zenoss-Core-Corrected.html"
},
{
"name": "zenoss-getjsoneventsinfo-sql-injection(55670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55670"
},
{
"name": "38195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38195"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0712",
"datePublished": "2010-02-26T17:03:00.000Z",
"dateReserved": "2010-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:59:38.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}