3 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. En PNP4Nagios hasta la versión 0.6.26, /usr/bin/npcd y npcd.cfg son propiedad de una cuenta sin privilegios, pero la ejecución de código root depende de estos archivos. Esto permite que usuarios locales obtengan privilegios aprovechando el acceso a esta cuenta sin privilegios. • https://github.com/lingej/pnp4nagios/issues/140 https://security.gentoo.org/glsa/201806-09 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. Vulnerabildad de XSS en share/pnp/application/views/kohana_error_page.php en PNP4Nagios anterior a 0.6.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro que no se maneja debidamente en un mensaje de error. • http://docs.pnp4nagios.org/pnp-0.6/dwnld http://openwall.com/lists/oss-security/2014/07/11/3 http://secunia.com/advisories/59535 http://secunia.com/advisories/59603 http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9 http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes http://www.securityfocus.com/bid/68350 https://bugs.op5.com/view.php?id=8761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element. Múltiples vulnerabilidades de XSS en PNP4Nagios hasta 0.6.22 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la URI que se utiliza para alcanzar (1) share/pnp/application/views/kohana_error_page.php o (2) share/pnp/application/views/template.php, que conduce a un manejo indebido dentro de un elemento http-equiv='refresh' META. • http://openwall.com/lists/oss-security/2014/07/11/3 http://secunia.com/advisories/58973 http://www.securityfocus.com/bid/68352 https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •