Page 18 of 98 results (0.021 seconds)

CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. Nagios XI 5.5.6 permite que atacantes remotos autenticados ejecuten comandos arbitrarios mediante una petición HTTP manipulada. • https://www.tenable.com/security/research/tra-2018-37 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 21%CPEs: 1EXPL: 1

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. Nagios XI 5.5.6 permite Cross-Site Scripting (XSS) reflejado de atacantes remotos no autenticados mediante los parámetros oname y oname2. • https://www.tenable.com/security/research/tra-2018-37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro key1 en admin/info.php. • https://www.seebug.org/vuldb/ssvid-97266 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro chbKey1 en admin/menuaccess.php. • https://www.seebug.org/vuldb/ssvid-97268 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 3%CPEs: 2EXPL: 1

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. Se ha descubierto un problema de inyección SQL en Nagios XI en versiones anteriores a la 5.4.13 mediante el parámetro txtSearch en admin/logbook.php. • https://www.seebug.org/vuldb/ssvid-97267 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •