Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios xi vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-29270
In Nagios XI up to and including 5.8.5, it is possible for a user without password verification to change his e-mail address.
Nagios Nagios Xi
7.2
CVSSv2
CVE-2021-40343
An issue exists in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
Nagios Nagios Xi 5.8.5
9
CVSSv2
CVE-2021-40345
An issue exists in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an malicious user to execute system commands.
Nagios Nagios Xi 5.8.5
1 Github repository
6.5
CVSSv2
CVE-2021-40344
An issue exists in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command e...
Nagios Nagios Xi 5.8.5
4.3
CVSSv2
CVE-2021-33179
The general user interface in Nagios XI versions before 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.
Nagios Nagios Xi
6.5
CVSSv2
CVE-2021-33177
The Bulk Modifications functionality in Nagios XI versions before 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.
Nagios Nagios Xi
4
CVSSv2
CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, th...
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-36363
Nagios XI prior to 5.8.5 has Incorrect Permission Assignment for migrate.php.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-36364
Nagios XI prior to 5.8.5 incorrectly allows backup_xi.sh wildcards.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-36366
Nagios XI prior to 5.8.5 incorrectly allows manage_services.sh wildcards.
Nagios Nagios Xi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »