Page 3 of 34 results (0.008 seconds)

CVSS: 9.8EPSS: 26%CPEs: 1EXPL: 3

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. MagpieRSS, como es usado en el componente front-end en Nagios Core en versiones anteriores a 4.2.2 podría permitir a atacantes remotos leer o escribir archivos arbitrarios falsificando una respuesta manipulada del servidor de alimentación Nagios RSS. NOTA: esta vulnerabilidad existe debido a una incompleta reparación de CVE-2008-4796. It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. • https://www.exploit-db.com/exploits/40920 http://packetstormsecurity.com/files/140169/Nagios-Core-Curl-Command-Injection-Code-Execution.html http://rhn.redhat.com/errata/RHSA-2017-0211.html http://rhn.redhat.com/errata/RHSA-2017-0212.html http://rhn.redhat.com/errata/RHSA-2017-0213.html http://rhn.redhat.com/errata/RHSA-2017-0214.html http://rhn.redhat.com/errata/RHSA-2017-0258.html http://rhn.redhat.com/errata/RHSA-2017-0259.html http://seclists.org/fulldisclosure/2016/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1

A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the privileges with the ownership change. Se ha encontrado una vulnerabilidad de escalado de privilegios en nagios 4.2.x que ocurre en daemon-init.in al crear archivos necesarios y, posteriormente, cambiar de forma no segura la propiedad. Es posible que el atacante local cree vínculos simbólicos antes de que se creen los archivos y escale privilegios con el cambio de propiedad. Nagios versions 2.x through 4.x suffer from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/40774 http://www.securityfocus.com/bid/95121 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8641 https://github.com/NagiosEnterprises/nagioscore/commit/f2ed227673d3b2da643eb5cad26b2d87674f28c1.patch https://security.gentoo.org/glsa/201702-26 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. El plugin check_icmp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4701. • http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins http://secunia.com/advisories/58751 http://secunia.com/advisories/61319 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid/68293 https://www.suse.com/support/update/announcement/2014/suse-su-20141352-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2

lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. lib/parse_ini.c en Nagios Plugins 2.0.2 permite a usuarios locales obtener información sensible a través de un ataque de enlace simbólico en el ficheros de configuraciones en el indicador extra-opts. NOTA:esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-4701. • https://www.exploit-db.com/exploits/33904 http://nagios-plugins.org/nagios-plugins-2-0-3-released http://seclists.org/fulldisclosure/2014/Jun/141 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid/76810 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 3

The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. El plugin check_dhcp en Nagios Plugins anterior a 2.0.2 permite a usuarios locales obtener información sensible de los ficheros de configuraciones INI a través del indicador extra-opts, una vulnerabilidad diferente a CVE-2014-4702. • http://legalhackers.com/advisories/nagios-check_dhcp.txt http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins http://seclists.org/fulldisclosure/2014/May/74 http://secunia.com/advisories/58751 http://secunia.com/advisories/61319 http://www.exploit-db.com/exploits/33387 http://www.openwall.com/lists/oss-security/2014/06/30/6 http://www.securityfocus.com/bid • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •