Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios xi vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-37346
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
Nagios Nagios Xi Watchguard Wizard
9.8
CVSSv3
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and previous versions and Nagios XI 5.7.5 and previous versions allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
Nagios Fusion
Nagios Nagios Xi
9.8
CVSSv3
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and previous versions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard prior to 1.1.2, as used in Nagios XI up to and including 5.7, allows an unauthenticated malicious user to execute remote code as the apache user.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2020-15903
An issue was found in Nagios XI prior to 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI prior to 5.5.4 allows remote malicious users to gain access to configuration files containing confidential credentials.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2019-12279
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any va...
Nagios Nagios Xi 5.6.1
1 EDB exploit
9.8
CVSSv3
CVE-2019-9165
SQL injection vulnerability in Nagios XI prior to 5.5.11 allows malicious users to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) prior to 2.2.7 allows closing incidents in IM via the API.
Nagios Incident Manager
1 Github repository
9.8
CVSSv3
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) prior to 2.2.7 allows malicious users to execute arbitrary SQL commands.
Nagios Incident Manager
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »