CVSS: 6.1EPSS: 3%CPEs: 16EXPL: 6CVE-2011-2179 – Nagios 3.2.3 - 'expand' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-2179
14 Jun 2011 — Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o H... • https://www.exploit-db.com/exploits/35818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 63EXPL: 2CVE-2011-1523
https://notcve.org/view.php?id=CVE-2011-1523
03 May 2011 — Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en statusmap.c en statusmap.cgi en Nagios v3.2.3 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de la capa. • http://openwall.com/lists/oss-security/2011/03/25/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 96%CPEs: 32EXPL: 4CVE-2009-2288 – Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
https://notcve.org/view.php?id=CVE-2009-2288
01 Jul 2009 — statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. statuswml.cgi en Nagios v3.1.1, permite a atacantes remotos ejecutar comandos de su elección a través de metacaracteres de consola en los parámetros (1) ping o (2) Traceroute. • https://www.exploit-db.com/exploits/33051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 55EXPL: 0CVE-2008-6373
https://notcve.org/view.php?id=CVE-2008-6373
02 Mar 2009 — Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Vulnerabilidad no especificada en Nagios versiones anteriores a v3.0.6 tiene un impacto no especificado y vectores de ataque remoto relacionados con los programas CGI, "comandos de adaptación externa", e "introducción de nuevas líneas y envío de comentarios de servicio". • http://marc.info/?l=bugtraq&m=124156641928637&w=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 2%CPEs: 65EXPL: 0CVE-2008-5028
https://notcve.org/view.php?id=CVE-2008-5028
10 Nov 2008 — Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cmd.cgi en (1) Nagios 3.0.5 y (2) op5 Monitor antes de v4.0.1 permite a atacantes remotos enviar comandos al proceso Nagios y dispara la ejecución de programas de su elecc... • http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 7%CPEs: 65EXPL: 0CVE-2008-5027
https://notcve.org/view.php?id=CVE-2008-5027
10 Nov 2008 — The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. El proceso Nagios en (1) Nagios anterior a v3.0.5 y (2) op5 Monitor anterior a v4.0.1 ; permite a usuarios autenticados en remoto evitar las comprobaciones de autorización y provocar la ejecución de ficheros de su elección por este proceso a través de (a) un ... • http://marc.info/?l=bugtraq&m=124156641928637&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2008-4796 – Feed2JS File Disclosure
https://notcve.org/view.php?id=CVE-2008-4796
30 Oct 2008 — The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posi... • https://packetstorm.news/files/id/127352 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 1CVE-2007-5803
https://notcve.org/view.php?id=CVE-2007-5803
13 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en programas CGI en Nagios versiones anteriores a 2.12, podrían permitir a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados, un problema diferente de CVE-2007-5624 y... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1360
https://notcve.org/view.php?id=CVE-2008-1360
17 Mar 2008 — Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios versiones anteriores a la 2.11, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores desconocidos a secuencias de comandos CGI, un problema diferente al de la CVE-2007-5624. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5624
https://notcve.org/view.php?id=CVE-2007-5624
23 Oct 2007 — Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios 2.x anterior a 2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos a secuecias de comandos CGI no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •