ALT-PU-2014-2165-1
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-9450
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
- 61554
- 61554
- http://www.zabbix.com/rn1.8.22.php
- http://www.zabbix.com/rn1.8.22.php
- http://www.zabbix.com/rn2.0.14.php
- http://www.zabbix.com/rn2.0.14.php
- http://www.zabbix.com/rn2.2.8.php
- http://www.zabbix.com/rn2.2.8.php
- https://support.zabbix.com/browse/ZBX-8582
- https://support.zabbix.com/browse/ZBX-8582
Modified: 2024-11-21
CVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
- DSA-3802
- DSA-3802
- [oss-security] 20170112 CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
- [oss-security] 20170112 CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
- [oss-security] 20170112 Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
- [oss-security] 20170112 Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data"
- 95423
- 95423
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936
- https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html
- https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html
- https://support.zabbix.com/browse/ZBX-11023
- https://support.zabbix.com/browse/ZBX-11023
Modified: 2024-11-21
CVE-2016-10742
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
- [debian-lts-announce] 20190311 [SECURITY] [DLA 1708-1] zabbix security update
- [debian-lts-announce] 20190311 [SECURITY] [DLA 1708-1] zabbix security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2461-1] zabbix security update
- https://support.zabbix.com/browse/ZBX-10272
- https://support.zabbix.com/browse/ZBX-10272
- https://support.zabbix.com/browse/ZBX-13133
- https://support.zabbix.com/browse/ZBX-13133
Modified: 2024-11-21
CVE-2016-4338
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
- http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html
- http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html
- 20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
- 20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
- 20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
- 20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
- 89631
- 89631
- GLSA-201612-42
- GLSA-201612-42
- https://support.zabbix.com/browse/ZBX-10741
- https://support.zabbix.com/browse/ZBX-10741
- 39769
- 39769
- https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscellaneous_improvements
- https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscellaneous_improvements
- https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements
- https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements
- https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscellaneous_improvements
- https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscellaneous_improvements