Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-37350
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.
Nagios Nagios Xi
5
CVSSv2
CVE-2021-37351
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
Nagios Nagios Xi
5.8
CVSSv2
CVE-2021-37352
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
Nagios Nagios Xi
9
CVSSv2
CVE-2021-3273
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.
Nagios Nagios Xi
6.5
CVSSv2
CVE-2021-3277
Nagios XI 5.7.5 and previous versions allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an unauthenticated malicious user to make configuration changes and leverage an authenticated SQL injection vulnerability.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
9
CVSSv2
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary commands on the target system, aka OS command injection.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
9
CVSSv2
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to leverage an RCE vulnerability escalating to root.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »