Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios xi vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-10736
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/info.php key1 parameter.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2018-10737
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/logbook.php txtSearch parameter.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2018-10738
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2021-3273
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2021-3277
Nagios XI 5.7.5 and previous versions allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and previous versions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Nagios Nagios Xi
5.4
CVSSv3
CVE-2021-38156
In Nagios XI prior to 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
Nagios Nagios Xi
8.8
CVSSv3
CVE-2020-15901
In Nagios XI prior to 5.7.3, ajaxhelper.php allows remote authenticated malicious users to execute arbitrary commands via cmdsubsys.
Nagios Nagios Xi
6.1
CVSSv3
CVE-2020-15902
Graph Explorer in Nagios XI prior to 5.7.2 allows XSS via the link url option.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2020-15903
An issue was found in Nagios XI prior to 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
Nagios Nagios Xi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »