
CVSS: 4.9 | EPSS: 0% | CPEs: 4 | EXPL: 1

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.

https://anhtai.me/nagios-core-4-4-5-url-injection
https://github.com/sawolf/nagioscore/tree/url-injection-fix
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P6NHNG2SJAM6DXVTXQH3AOJ4WQVKJUE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H7T6MSDWMBJEVVFSOK7DOYJJWDAFQCEQ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUEIABR4Y6L5J5MZDFWU46ZWXMJO64U3
https://www.nagios.org/projects/nagios-core/history/

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 4.8 | EPSS: 5% | CPEs: 1 | EXPL: 1

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.

https://code610.blogspot.com/2020/03/nagios-5611-xssd.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 5% | CPEs: 1 | EXPL: 1

Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.

https://code610.blogspot.com/2020/03/nagios-5611-xssd.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 5% | CPEs: 1 | EXPL: 1

Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.

https://code610.blogspot.com/2020/03/nagios-5611-xssd.html

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Nagios Log Server 2.1.3 has Incorrect Access Control.

https://assets.nagios.com/downloads/nagios-log-server/CHANGES.TXT
https://medium.com/%40fixitt6/multiple-vulnerabilities-in-nagios-log-server-2-1-3-af7c160edc60
https://www.nagios.com/products/nagios-log-server

CWE-269: Improper Privilege Management