Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
802
VMScore
CVE-2019-20197
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
Nagios Nagios Xi 5.6.9
2 Github repositories
801
VMScore
CVE-2021-40345
An issue exists in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an malicious user to execute system commands.
Nagios Nagios Xi 5.8.5
1 Github repository
801
VMScore
CVE-2020-28906
Incorrect File Permissions in Nagios XI 5.7.5 and previous versions and Nagios Fusion 4.1.8 and previous versions allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root.
Nagios Fusion
Nagios Nagios Xi
801
VMScore
CVE-2020-28909
Incorrect File Permissions in Nagios Fusion 4.1.8 and previous versions allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo.
Nagios Fusion
801
VMScore
CVE-2020-28648
Improper input validation in the Auto-Discovery component of Nagios XI prior to 5.7.5 allows an authenticated malicious user to execute remote code.
Nagios Nagios Xi
801
VMScore
CVE-2018-16146
The web management console of Opsview Monitor 5.4.x prior to 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary c...
Opsview Opsview
765
VMScore
CVE-2009-2288
statuswml.cgi in Nagios prior to 3.1.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
Nagios Nagios 2.0b4
Nagios Nagios 2.10
Nagios Nagios 3.0.3
Nagios Nagios 3.0.2
Nagios Nagios 3.0
Nagios Nagios 1.0b4
Nagios Nagios 1.1
Nagios Nagios 1.4.1
Nagios Nagios 2.0
Nagios Nagios 3.0.6
Nagios Nagios 3.0.4
Nagios Nagios
Nagios Nagios 1.0
Nagios Nagios 1.0b1
Nagios Nagios 1.0b2
Nagios Nagios 2.7
Nagios Nagios 3.0.5
Nagios Nagios 3.0.1
3 EDB exploits
760
VMScore
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an unauthenticated malicious user to make configuration changes and leverage an authenticated SQL injection vulnerability.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
760
VMScore
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
760
VMScore
CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and previous versions allows remote malicious users to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple par...
Opensuse Opensuse 12.3
Opensuse Opensuse 11.4
Nagios Remote Plugin Executor
Opensuse Opensuse 13.1
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »