Page 14 of 80 results (0.016 seconds)

CVSS: 6.1EPSS: 21%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. Nagios XI 5.5.6 permite Cross-Site Scripting (XSS) reflejado de atacantes remotos no autenticados mediante el parámetro host en api_tool.php. • https://www.tenable.com/security/research/tra-2018-37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 27%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. Nagios XI 5.5.6 permite que atacantes autenticados remotos restablezcan y regeneren la clave API de usuarios más privilegiados. El atacante puede emplear la nueva clave API para ejecutar llamadas API con privilegios elevados. • https://www.tenable.com/security/research/tra-2018-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. Nagios XI 5.5.6 permite que atacantes remotos autenticados ejecuten comandos arbitrarios mediante una petición HTTP manipulada. • https://www.tenable.com/security/research/tra-2018-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 21%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. Nagios XI 5.5.6 permite Cross-Site Scripting (XSS) reflejado de atacantes remotos no autenticados mediante los parámetros oname y oname2. • https://www.tenable.com/security/research/tra-2018-37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro key1 en admin/info.php. • https://www.seebug.org/vuldb/ssvid-97266 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •