Alexander Vladishev

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the use of files and directories accessible to external parties, potentially allowing a remote attacker to gain read-only access to the file system on behalf of the user "zabbix" on the Zabbix Server or Zabbix Proxy. This could lead to unauthorized access to sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix Frontend (affected versions not specified) **Description** The issue is related to the incorrect implementation of IP address checking in Zabbix Frontend, which allows an attacker to bypass protection and access the instance using an IP address not listed in the defined range. This could lead to unauthorized access to confidential data, disruption of data integrity, and potential denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix Frontend (affected versions not specified) **Description** The issue is related to the lack of protection measures for the web page structure when handling the `backurl` parameter in Zabbix Frontend. This can be exploited by an unauthenticated user to create a link with reflected Javascript code inside the `backurl` parameter and send it to other authenticated users. The goal is to create a fake account with predefined login, password, and role. The exploitation can lead to cross-site scripting attacks using a specially crafted malicious link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix Frontend (affected versions not specified) **Description** The issue allows an authenticated user to create a link with reflected Javascript code inside it for the graphs' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zabbix, allowing an authenticated user to create a link with a reflected XSS payload for actions' pages and send it to other users. The malicious code can access all the same objects as the rest of the web page and make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and requires an attacker to have authorized access to the Zabbix Frontend, allowed network connection between a malicious server and the victim's computer, understand the attacked infrastructure, be recognized by the victim as a trustee, and use a trusted communication channel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zabbix. An authenticated user can create a link with reflected Javascript code for the items' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zabbix. An authenticated user can create a link with reflected Javascript code inside it for the services' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions prior to 2.2.14 Zabbix versions 3.0 prior to 3.0.4 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `toggle ids` array parameter in the "latest.php" endpoint. **Recommendations** For Zabbix versions prior to 2.2.14, update to version 2.2.14 or later. For Zabbix versions 3.0 prior to 3.0.4, update to version 3.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Zabbix Server versions prior to 1.6.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by sending a request that lacks expected separators, which triggers a NULL pointer dereference in the `zbx get next field` function. **Recommendations** For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `zbx get next field` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zabbix Server versions prior to 1.6.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by sending a crafted request with data that lacks an expected : (colon) separator, triggering a NULL pointer dereference in the `process trap` function. **Recommendations** For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process trap` function in trapper/trapper.c to minimize the risk of exploitation.