Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios xi 5.5.6 vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which c...
Nagios Nagios Xi 5.7.5
1 Metasploit module
1 Github repository
9
CVSSv2
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead ...
Nagios Nagios Xi 5.7.5
1 Metasploit module
1 Github repository
9
CVSSv2
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can l...
Nagios Nagios Xi 5.7.5
1 Metasploit module
1 Github repository
7.5
CVSSv2
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
1 Github repository
7.2
CVSSv2
CVE-2018-15710
Nagios XI 5.5.6 allows local authenticated malicious users to escalate privileges to root via Autodiscover_new.php.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
6.5
CVSSv2
CVE-2018-15709
Nagios XI 5.5.6 allows remote authenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
6.5
CVSSv2
CVE-2018-15711
Nagios XI 5.5.6 allows remote authenticated malicious users to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
Nagios Nagios Xi 5.5.6
4.3
CVSSv2
CVE-2018-15714
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
Nagios Nagios Xi 5.5.6
4.3
CVSSv2
CVE-2018-15712
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
Nagios Nagios Xi 5.5.6
3.5
CVSSv2
CVE-2018-15713
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
Nagios Nagios Xi 5.5.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started