VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-4282
pandora_fms: Multiple directory traversal vulnerabilities in Pan...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4282

Original

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-12-02
Source Information Category: Advisory, Alert
Last Updated: 2010-12-03




Affected Product Tags
cpe:/a:artica:pandora_fms:1.2
cpe:/a:artica:pandora_fms:1.3
cpe:/a:artica:pandora_fms:1.3.1
cpe:/a:artica:pandora_fms:1.3:beta
cpe:/a:artica:pandora_fms:1.3:beta1
cpe:/a:artica:pandora_fms:1.3:beta2
cpe:/a:artica:pandora_fms:1.3:beta3
cpe:/a:artica:pandora_fms:2.0
cpe:/a:artica:pandora_fms:2.0:beta
cpe:/a:artica:pandora_fms:2.1
cpe:/a:artica:pandora_fms:2.1.1
cpe:/a:artica:pandora_fms:3.0
cpe:/a:artica:pandora_fms:3.0:rc1
cpe:/a:artica:pandora_fms:3.0:rc2
cpe:/a:artica:pandora_fms:3.1 and previous versions
cpe:/a:artica:pandora_fms:3.1:rc1
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
Medium
X Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
None
X Partial
Complete

Alternatives




References
BID 45112
BUGTRAQ 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
CONFIRM http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
EXPLOIT-DB 15643




Vulnerability Type: Path Traversal (CWE-22)





Copyright © 2010 JPCERT/CC All Rights Reserved.