GCVE - cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*

part: a version: 1.1.2 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.777753
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.777755
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.777757
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.777759
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.777761

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-3435`	vulnerable	2026-06-08 05:02:09.850972	Details available SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Published: 2012-08-15T20:00:00.000Z Updated: 2024-08-06T20:05:12.556Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/20087 http://secunia.com/advisories/50475 http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54 http://www.debian.org/security/2012/dsa-2539 https://support.zabbix.com/browse/ZBX-5348	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5027`	vulnerable	2026-06-08 04:59:34.211908	Details available Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Published: 2011-12-29T22:00:00.000Z Updated: 2024-08-07T00:23:39.389Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/51093 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html https://support.zabbix.com/browse/ZBX-4015 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html http://osvdb.org/77772	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4615`	vulnerable	2026-06-08 04:59:32.291964	Details available Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. Published: 2011-12-29T22:00:00.000Z Updated: 2024-08-07T00:09:19.538Z Open on db.gcve.eu Reference links http://osvdb.org/77771 http://www.securityfocus.com/bid/51093 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html https://support.zabbix.com/browse/ZBX-4015 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3265`	vulnerable	2026-06-08 04:59:23.676563	Details available popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.536Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-3840 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html http://www.securityfocus.com/bid/49277 https://support.zabbix.com/browse/ZBX-3955 https://exchange.xforce.ibmcloud.com/vulnerabilities/69376	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3264`	vulnerable	2026-06-08 04:59:23.674184	Details available Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.401Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-3840 http://www.zabbix.com/rn1.8.6.php https://exchange.xforce.ibmcloud.com/vulnerabilities/69377	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3263`	vulnerable	2026-06-08 04:59:23.637071	Details available zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.674Z Open on db.gcve.eu Reference links http://www.zabbix.com/rn1.8.6.php https://support.zabbix.com/browse/ZBX-3794 https://exchange.xforce.ibmcloud.com/vulnerabilities/69378	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2904`	vulnerable	2026-06-08 04:58:09.562213	Details available Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:15:31.951Z Open on db.gcve.eu Reference links http://secunia.com/advisories/45502 http://www.securityfocus.com/bid/49016 http://www.openwall.com/lists/oss-security/2011/08/09/5 http://www.zabbix.com/rn1.8.6.php http://www.openwall.com/lists/oss-security/2011/08/08/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-5049`	vulnerable	2026-06-08 04:56:31.652459	Details available SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter. Published: 2011-11-23T01:00:00.000Z Updated: 2024-08-07T04:09:38.781Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/511454/100/0/threaded http://www.vupen.com/english/advisories/2010/1240 http://www.securityfocus.com/bid/39752 http://secunia.com/advisories/39119 http://packetstormsecurity.org/1004-exploits/zabbix181-sql.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2790`	vulnerable	2026-06-08 04:55:10.645525	Details available Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Published: 2010-08-04T19:00:00.000Z Updated: 2024-08-07T02:46:48.224Z Open on db.gcve.eu Reference links http://www.zabbix.com/forum/showthread.php?p=68770 https://exchange.xforce.ibmcloud.com/vulnerabilities/60772 http://www.vupen.com/english/advisories/2010/1908 http://secunia.com/advisories/40679 https://support.zabbix.com/browse/ZBX-2326	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4502`	vulnerable	2026-06-08 04:51:48.672760	Details available The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. Published: 2009-12-31T18:00:00.000Z Updated: 2024-09-17T00:05:31.046Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/508439 https://support.zabbix.com/browse/ZBX-1032 http://secunia.com/advisories/37740 http://www.vupen.com/english/advisories/2009/3514	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4501`	vulnerable	2026-06-08 04:51:48.672244	Details available The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. Published: 2009-12-31T18:00:00.000Z Updated: 2024-09-17T01:37:01.050Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/508436/30/60/threaded https://support.zabbix.com/browse/ZBX-1355 http://secunia.com/advisories/37740 http://www.vupen.com/english/advisories/2009/3514	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4500`	vulnerable	2026-06-08 04:51:48.671708	Details available The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. Published: 2009-12-31T18:00:00.000Z Updated: 2024-09-17T01:56:19.933Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/508436/30/60/threaded https://support.zabbix.com/browse/ZBX-993 http://secunia.com/advisories/37740 http://www.vupen.com/english/advisories/2009/3514	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4499`	vulnerable	2026-06-08 04:51:48.668894	Details available SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. Published: 2009-12-31T18:00:00.000Z Updated: 2024-09-16T19:46:23.353Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/508436/30/60/threaded https://support.zabbix.com/browse/ZBX-1031 http://secunia.com/advisories/37740 http://www.vupen.com/english/advisories/2009/3514	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4498`	vulnerable	2026-06-08 04:51:48.662159	Details available The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. Published: 2009-12-31T18:00:00.000Z Updated: 2024-08-07T07:08:36.847Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/508436/30/60/threaded https://support.zabbix.com/browse/ZBX-1030 http://www.openwall.com/lists/oss-security/2010/04/02/1 http://secunia.com/advisories/37740 http://www.vupen.com/english/advisories/2009/3514	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1353`	vulnerable	2026-06-08 04:50:20.056285	Details available zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. Published: 2008-03-17T17:00:00.000Z Updated: 2024-08-07T08:17:34.666Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2008/0878 http://securityreason.com/securityalert/3747 http://www.securityfocus.com/bid/28244 https://exchange.xforce.ibmcloud.com/vulnerabilities/41196 http://secunia.com/advisories/29383	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0640`	vulnerable	2026-06-08 04:49:32.919179	Details available Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." Published: 2007-01-31T21:00:00.000Z Updated: 2024-08-07T12:26:53.935Z Open on db.gcve.eu Reference links http://www.zabbix.com/rn1.1.5.php http://www.vupen.com/english/advisories/2007/0416 http://www.securityfocus.com/bid/22321 https://exchange.xforce.ibmcloud.com/vulnerabilities/32038 http://osvdb.org/33081	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6693`	vulnerable	2026-06-08 04:49:29.492369	Details available Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. Published: 2006-12-21T21:00:00.000Z Updated: 2024-08-07T20:33:59.977Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/3959 http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388%3Bmsg=5%3Batt=1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388 http://www.securityfocus.com/bid/20416 http://secunia.com/advisories/22313	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6692`	vulnerable	2026-06-08 04:49:29.491971	Details available Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. Published: 2006-12-21T21:00:00.000Z Updated: 2024-08-07T20:34:00.541Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/3959 http://bugs.debian.org/cgi-bin/bugreport.cgi/zabbix.security.patch?bug=391388%3Bmsg=5%3Batt=1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391388 http://www.securityfocus.com/bid/20416 http://secunia.com/advisories/22313	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.