Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Prtg_network_monitor
(Paessler)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-11-21 | CVE-2018-19411 | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights. | Prtg_network_monitor | 8.8 | ||
| 2018-11-21 | CVE-2018-19410 | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including... | Prtg_network_monitor | 9.8 | ||
| 2018-04-21 | CVE-2018-10253 | Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. | Prtg_network_monitor | 7.5 | ||
| 2017-08-18 | CVE-2017-9816 | Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Prtg_network_monitor | 6.1 | ||
| 2017-10-19 | CVE-2017-15651 | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message. | Prtg_network_monitor | 6.7 | ||
| 2017-10-15 | CVE-2017-15360 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | Prtg_network_monitor | 5.4 | ||
| 2017-10-03 | CVE-2017-15009 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | Prtg_network_monitor | 6.1 | ||
| 2017-10-03 | CVE-2017-15008 | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | Prtg_network_monitor | 4.8 | ||
| 2017-08-24 | CVE-2017-12879 | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | Prtg_network_monitor | 5.4 | ||
| 2017-01-23 | CVE-2015-7743 | XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | Prtg_network_monitor | 6.5 |