Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-15901
In Nagios XI prior to 5.7.3, ajaxhelper.php allows remote authenticated malicious users to execute arbitrary commands via cmdsubsys.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an unauthenticated malicious user to make configuration changes and leverage an authenticated SQL injection vulnerability.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary commands on the target system, aka OS command injection.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to leverage an RCE vulnerability escalating to root.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
6.1
CVSSv3
CVE-2018-20171
An issue exists in Nagios XI prior to 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
Nagios Nagios Xi
6.1
CVSSv3
CVE-2018-20172
An issue exists in Nagios XI prior to 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
Nagios Nagios Xi
5.5
CVSSv3
CVE-2018-13457
qh_echo in Nagios Core 4.4.1 and previous versions is prone to a NULL pointer dereference vulnerability, which allows malicious users to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Nagios Nagios Core
1 EDB exploit
5.5
CVSSv3
CVE-2018-13458
qh_core in Nagios Core 4.4.1 and previous versions is prone to a NULL pointer dereference vulnerability, which allows malicious users to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
Nagios Nagios Core
1 EDB exploit
8.8
CVSSv3
CVE-2019-15949
Nagios XI prior to 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is exec...
Nagios Nagios Xi
1 EDB exploit
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »