Vulnerabilities
Vulnerable Software
Zenoss:  >> Zenoss Core  >> 5.0.0  Security Vulnerabilities
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411.
CVSS Score
5.0
EPSS Score
0.007
Published
2014-12-15
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
CVSS Score
5.0
EPSS Score
0.004
Published
2014-12-15
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-12-15
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-12-15
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.
CVSS Score
6.8
EPSS Score
0.001
Published
2014-12-15


Contact Us

Shodan ® - All rights reserved