Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios xi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-3193
Improper access and command validation in the Nagios Docker Config Wizard prior to 1.1.2, as used in Nagios XI up to and including 5.7, allows an unauthenticated malicious user to execute remote code as the apache user.
Nagios Nagios Xi
9
CVSSv2
CVE-2019-15949
Nagios XI prior to 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is exec...
Nagios Nagios Xi
1 EDB exploit
4 Github repositories
5
CVSSv2
CVE-2021-37348
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
Nagios Nagios Xi
4.6
CVSSv2
CVE-2021-37349
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-36364
Nagios XI prior to 5.8.5 incorrectly allows backup_xi.sh wildcards.
Nagios Nagios Xi
7.5
CVSSv2
CVE-2021-36366
Nagios XI prior to 5.8.5 incorrectly allows manage_services.sh wildcards.
Nagios Nagios Xi
6.5
CVSSv2
CVE-2019-9164
Command injection in Nagios XI prior to 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
Nagios Nagios Xi
7.2
CVSSv2
CVE-2019-9166
Privilege escalation in Nagios XI prior to 5.5.11 allows local malicious users to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
Nagios Nagios Xi
1 Github repository
3.5
CVSSv2
CVE-2018-17147
Nagios XI prior to 5.5.4 has XSS in the auto login admin management page.
Nagios Nagios Xi
9
CVSSv2
CVE-2020-28648
Improper input validation in the Auto-Discovery component of Nagios XI prior to 5.7.5 allows an authenticated malicious user to execute remote code.
Nagios Nagios Xi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »