Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and previous versions and Nagios XI 5.7.5 and previous versions allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
Nagios Fusion
Nagios Nagios Xi
10
CVSSv2
CVE-2020-28901
Command Injection in Nagios Fusion 4.1.8 and previous versions allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.
Nagios Fusion
10
CVSSv2
CVE-2020-28902
Command Injection in Nagios Fusion 4.1.8 and previous versions allows Privilege Escalation from apache to root in cmd_subsys.php.
Nagios Fusion
10
CVSSv2
CVE-2020-28907
Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and previous versions allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh.
Nagios Fusion
10
CVSSv2
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and previous versions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Nagios Nagios Xi
10
CVSSv2
CVE-2020-15903
An issue was found in Nagios XI prior to 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
Nagios Nagios Xi
10
CVSSv2
CVE-2008-4796
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project Snoopy
Debian Debian Linux 4.0
Debian Debian Linux 5.0
Nagios Nagios
Wordpress Wordpress
10
CVSSv2
CVE-2002-1959
Nagios 1.0b1 up to and including 1.0b3 allows remote malicious users to execute arbitrary commands via shell metacharacters in plugin output.
Nagios Nagios 1.0 B2
Nagios Nagios 1.0 B3
Nagios Nagios 1.0 B1
9.3
CVSSv2
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor prior to 5.3.1 and 5.4.x prior to 5.4.2 invokes a file that can be edited by the nagios user, and would allow malicious users to elevate their privileges to root after a system restart, henc...
Opsview Opsview
9
CVSSv2
CVE-2021-40345
An issue exists in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an malicious user to execute system commands.
Nagios Nagios Xi 5.8.5
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »