Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios xi vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-35578
An issue exists in the Manage Plugins page in Nagios XI prior to 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
Nagios Nagios Xi
1 Metasploit module
7.5
CVSSv2
CVE-2019-9165
SQL injection vulnerability in Nagios XI prior to 5.5.11 allows malicious users to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
Nagios Nagios Xi
4.3
CVSSv2
CVE-2019-9167
Cross-site scripting (XSS) vulnerability in Nagios XI prior to 5.5.11 allows malicious users to inject arbitrary web script or HTML via the xiwindow parameter.
Nagios Nagios Xi
5
CVSSv2
CVE-2021-37348
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
Nagios Nagios Xi
5
CVSSv2
CVE-2021-37351
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
Nagios Nagios Xi
NA
CVE-2022-38248
Nagios XI before v5.8.7 exists to contain multiple cross-site scripting (XSS) vulnerabilities at auditlog.php.
Nagios Nagios Xi
9
CVSSv2
CVE-2019-15949
Nagios XI prior to 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is exec...
Nagios Nagios Xi
1 EDB exploit
4 Github repositories
4
CVSSv2
CVE-2022-29269
In Nagios XI up to and including 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Nagios Nagios Xi
4
CVSSv2
CVE-2022-29270
In Nagios XI up to and including 5.8.5, it is possible for a user without password verification to change his e-mail address.
Nagios Nagios Xi
5.8
CVSSv2
CVE-2022-29272
In Nagios XI up to and including 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Nagios Nagios Xi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »