Vulnerabilities > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-31 | CVE-2009-4500 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zabbix The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. | 5.0 |
| 2009-12-31 | CVE-2009-4499 | SQL Injection vulnerability in Zabbix SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | 7.5 |
| 2009-12-31 | CVE-2009-4498 | OS Command Injection vulnerability in Zabbix The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | 6.8 |
| 2008-03-17 | CVE-2008-1353 | Denial of Service vulnerability in ZABBIX File Checksum Request zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. network zabbix | 4.3 |
| 2007-12-04 | CVE-2007-6210 | Configuration vulnerability in Zabbix Agentd 1.1.4 zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges. | 2.1 |
| 2007-01-31 | CVE-2007-0640 | Buffer Overflow vulnerability in Zabbix Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | 10.0 |