Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Prtg_network_monitor
(Paessler)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 35 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-09 | CVE-2023-32782 | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Prtg_network_monitor | 7.2 | ||
| 2024-02-08 | CVE-2023-51630 | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the... | Prtg_network_monitor | 6.1 | ||
| 2018-07-02 | CVE-2018-9276 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. | Prtg_network_monitor | 7.2 | ||
| 2020-02-03 | CVE-2019-19119 | An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | Prtg_network_monitor | 5.5 | ||
| 2017-04-10 | CVE-2016-5078 | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | Prtg_network_monitor | 6.1 | ||
| 2018-11-12 | CVE-2018-19203 | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. | Prtg_network_monitor | 7.5 | ||
| 2018-11-12 | CVE-2018-19204 | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can... | Prtg_network_monitor | 8.8 | ||
| 2019-04-10 | CVE-2018-14683 | PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. | Prtg_network_monitor | 6.1 | ||
| 2020-03-17 | CVE-2019-11074 | A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor. | Prtg_network_monitor | 7.2 | ||
| 2020-03-30 | CVE-2020-10374 | A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form. | Prtg_network_monitor | N/A |