Search Results | AttackerKB

185 Total Results

Displaying 111-120 of 185

Attacker Value

Unknown

CVE-2019-9204

Disclosure Date: March 28, 2019 (last updated November 27, 2024)

SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.

Attacker Value

Unknown

CVE-2019-9165

Disclosure Date: March 28, 2019 (last updated November 27, 2024)

SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2019-9203

Disclosure Date: March 28, 2019 (last updated November 27, 2024)

Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2019-9164

Disclosure Date: March 28, 2019 (last updated November 27, 2024)

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2018-18245

Disclosure Date: December 17, 2018 (last updated November 27, 2024)

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.

Attacker Value

Unknown

CVE-2018-20171

Disclosure Date: December 17, 2018 (last updated November 27, 2024)

An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.

Attacker Value

Unknown

CVE-2018-20172

Disclosure Date: December 17, 2018 (last updated November 27, 2024)

An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.

Attacker Value

Unknown

CVE-2018-15708

Disclosure Date: November 14, 2018 (last updated October 06, 2023)

Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.

Attacker Value

Unknown

CVE-2018-15712

Disclosure Date: November 14, 2018 (last updated November 27, 2024)

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.

Attacker Value

Unknown

CVE-2018-15709

Disclosure Date: November 14, 2018 (last updated November 27, 2024)

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.

185 Total Results

Displaying 111-120 of 185

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification