5 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 0

Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. Vulnerabilidad no especificada en op5 Monitor anterior a la versión 6.1.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores desconocidos relacionados con una falta de autorización. • https://bugs.op5.com/view.php?id=7677 •

CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 1

op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. Monitor y Appliance op5 anterior a 5.5.0 no gestionan adecuadamente las cookies de sesión, que permite a atacantes remotos tener un impacto no especificado a través de vectores no especificados. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47344 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78066 https://bugs.op5.com/view.php?id=5094 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 85%CPEs: 6EXPL: 1

license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. El codigo license.php en system-portal anterior a 1.6.2 del Monitor y Appliance op5 anterior a 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el parámetro de marca de tiempo para una acción de instalación. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • https://www.exploit-db.com/exploits/41686 http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47417 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78064 https://bugs.op5.com/view.php?id=5094 http://web.archive.org/web/20140724161718/http://secunia.com/advisories/47417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 88%CPEs: 6EXPL: 2

op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. op5config/welcome en el sistema-op5config anterior a 2.0.3 en el Monitor y Appliance de op5 antes de 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el parámetro de contraseña. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • https://www.exploit-db.com/exploits/41687 http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47417 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78065 https://bugs.op5.com/view.php?id=5094 http://web.archive.org/web/20120114164329/http://secunia.com:80/advisories/47417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config. monitor / index.php en el Monitor y Appliance de op5 anteriores a 5.5.1 permite a usuarios remotos autenticados obtener información confidencial, como bases de datos y las credenciales del usuario a través de los mensajes de error que se desencadenan por (1) un parámetro hoststatustypes malformado en estado/servicio/ todos o (2) una solicitud manipulada en las configuraciones. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47344 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78067 https://bugs.op5.com/view.php?id=5094 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •