Lucene search

[email protected]NVD:CVE-2010-4282

HistoryDec 02, 2010 - 5:15 p.m.

CVE-2010-4282

2010-12-0217:15:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

Affected configurations

Nvd

Node

articapandora_fmsRange≤3.1

articapandora_fmsMatch1.2

articapandora_fmsMatch1.3

articapandora_fmsMatch1.3beta

articapandora_fmsMatch1.3beta1

articapandora_fmsMatch1.3beta2

articapandora_fmsMatch1.3beta3

articapandora_fmsMatch1.3.1

articapandora_fmsMatch2.0

articapandora_fmsMatch2.0beta

articapandora_fmsMatch2.1

articapandora_fmsMatch2.1.1

articapandora_fmsMatch3.0

articapandora_fmsMatch3.0rc1

articapandora_fmsMatch3.0rc2

articapandora_fmsMatch3.1rc1

VendorProductVersionCPE
articapandora_fms*cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
articapandora_fms1.2cpe:2.3:a:artica:pandora_fms:1.2:*:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:*:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta1:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta2:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta3:*:*:*:*:*:*
articapandora_fms1.3.1cpe:2.3:a:artica:pandora_fms:1.3.1:*:*:*:*:*:*:*
articapandora_fms2.0cpe:2.3:a:artica:pandora_fms:2.0:*:*:*:*:*:*:*
articapandora_fms2.0cpe:2.3:a:artica:pandora_fms:2.0:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
artica	pandora_fms	*	cpe:2.3:a:artica:pandora_fms::::::::
artica	pandora_fms	1.2	cpe:2.3:a:artica:pandora_fms:1.2:::::::*
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:::::::*
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta1::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta2::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta3::::::
artica	pandora_fms	1.3.1	cpe:2.3:a:artica:pandora_fms:1.3.1:::::::*
artica	pandora_fms	2.0	cpe:2.3:a:artica:pandora_fms:2.0:::::::*
artica	pandora_fms	2.0	cpe:2.3:a:artica:pandora_fms:2.0:beta::::::

Rows per page:

1-10 of 161

References

osvdb.org/69543

osvdb.org/69544

osvdb.org/69545

seclists.org/fulldisclosure/2010/Nov/326

secunia.com/advisories/42347

sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

www.exploit-db.com/exploits/15643

www.securityfocus.com/archive/1/514939/100/0/threaded

www.securityfocus.com/bid/45112