Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and previous versions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Nagios Nagios Xi
NA
CVE-2022-38248
Nagios XI before v5.8.7 exists to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
Nagios Nagios Xi
NA
CVE-2022-38254
Nagios XI before v5.8.7 exists to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.
Nagios Nagios Xi
4.3
CVSSv2
CVE-2018-13458
qh_core in Nagios Core 4.4.1 and previous versions is prone to a NULL pointer dereference vulnerability, which allows malicious users to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Nagios Nagios Core
1 EDB exploit
6.5
CVSSv2
CVE-2020-24899
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
Nagios Nagios Xi 5.7.2
7.5
CVSSv2
CVE-2018-15708
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated malicious users to execute arbitrary commands via a crafted HTTP request.
Nagios Nagios Xi 5.5.6
2 EDB exploits
2 Metasploit modules
1 Github repository
4
CVSSv2
CVE-2018-10553
An issue exists in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.
Nagios Nagios Xi 5.4.13
3.5
CVSSv2
CVE-2018-10554
An issue exists in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) t...
Nagios Nagios Xi 5.4.13
7.2
CVSSv2
CVE-2021-40343
An issue exists in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
Nagios Nagios Xi 5.8.5
9
CVSSv2
CVE-2021-40345
An issue exists in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an malicious user to execute system commands.
Nagios Nagios Xi 5.8.5
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
7
8
9
10
NEXT »