Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nagios vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-37352
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2018-10735
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/commandline.php cname parameter.
Nagios Nagios Xi
7.2
CVSSv3
CVE-2018-10737
A SQL injection issue exists in Nagios XI prior to 5.4.13 via the admin/logbook.php txtSearch parameter.
Nagios Nagios Xi
6.5
CVSSv3
CVE-2021-37223
Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, th...
Nagios Nagios Xi
8.8
CVSSv3
CVE-2021-37343
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios.
Nagios Nagios Xi
1 Metasploit module
5.3
CVSSv3
CVE-2021-37351
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
Nagios Nagios Xi
NA
CVE-2014-4703
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701.
Nagios Nagios 2.0.2
1 EDB exploit
4.3
CVSSv3
CVE-2022-29270
In Nagios XI up to and including 5.8.5, it is possible for a user without password verification to change his e-mail address.
Nagios Nagios Xi
6.5
CVSSv3
CVE-2020-6584
Nagios Log Server 2.1.3 has Incorrect Access Control.
Nagios Nagios 2.1.3
5.4
CVSSv3
CVE-2020-6586
Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a crafted name field that is mishandled on the /admin/users page. Any malicious user with limited access can store an XSS payload in his Name. When any admin views this, the XSS is triggered.
Nagios Nagios 2.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »