VYPR

Nagios

by Nagios

CVEs (124)

  • CVE-2018-17148 (Jun 19, 2019)
    risk 0.00 | cvss | epss 0.04

    An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials.

  • CVE-2019-9166 (Mar 28, 2019)
    risk 0.00 | cvss | epss 0.01

    Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.

  • CVE-2019-9203 (Mar 28, 2019)
    risk 0.00 | cvss | epss 0.20

    Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

  • CVE-2019-9204 (Mar 28, 2019)
    risk 0.00 | cvss | epss 0.20

    SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.

  • CVE-2018-20172 (Dec 17, 2018)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.

  • CVE-2018-18245 (Dec 17, 2018)
    risk 0.00 | cvss | epss 0.03

    Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

  • CVE-2018-20171 (Dec 17, 2018)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.

  • CVE-2018-15713 (Nov 14, 2018)
    risk 0.00 | cvss | epss 0.07

    Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.

  • CVE-2014-4702 (Dec 5, 2014)
    risk 0.00 | cvss | epss 0.00

    The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.

  • CVE-2014-4701 (Dec 5, 2014)
    risk 0.00 | cvss | epss 0.01

    The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.

  • CVE-2014-1878 (Feb 28, 2014)
    risk 0.00 | cvss | epss 0.03

    Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to…

  • CVE-2013-2214 (Feb 10, 2014)
    risk 0.00 | cvss | epss 0.04

    status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2)…

  • CVE-2013-7205 (Jan 15, 2014)
    risk 0.00 | cvss | epss 0.04

    Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in…

  • CVE-2013-4214 (Nov 23, 2013)
    risk 0.00 | cvss | epss 0.00

    rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

  • CVE-2011-1523 (May 3, 2011)
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.

  • CVE-2008-6373 (Mar 2, 2009)
    risk 0.00 | cvss | epss 0.05

    Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."

  • CVE-2008-5028 (Nov 10, 2008)
    risk 0.00 | cvss | epss 0.02

    Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.

  • CVE-2008-4796 (Oct 30, 2008)
    risk 0.00 | cvss | epss 0.09

    The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell…

  • CVE-2007-5803 (May 13, 2008)
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.

  • CVE-2008-1360 (Mar 17, 2008)
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
