Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios nagios vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and previous versions allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2018-17148
An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI prior to 5.5.4 allows remote malicious users to gain access to configuration files containing confidential credentials.
Nagios Nagios Xi
5.4
CVSSv3
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI prior to 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an malicious user to execute arbitrary JavaScript code within the auto login admin management ...
Nagios Nagios Xi
7.2
CVSSv3
CVE-2018-10737
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/logbook.php txtSearch parameter.
Nagios Nagios Xi
7.8
CVSSv3
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
Nagios Nagios Xi
9.8
CVSSv3
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an unauthenticated malicious user to make configuration changes and leverage an authenticated SQL injection vulnerability.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
9.8
CVSSv3
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to execute arbitrary SQL commands via the selInfoKey1 parameter.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
8.8
CVSSv3
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x up to and including 5.4.x prior to 5.4.13 allows an malicious user to leverage an RCE vulnerability escalating to root.
Nagios Nagios Xi
2 EDB exploits
1 Github repository
7.2
CVSSv3
CVE-2020-5791
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
Nagios Nagios Xi
1 Metasploit module
8.8
CVSSv3
CVE-2020-15901
In Nagios XI prior to 5.7.3, ajaxhelper.php allows remote authenticated malicious users to execute arbitrary commands via cmdsubsys.
Nagios Nagios Xi
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »