CVSS: 8.8EPSS: 1%CPEs: 35EXPL: 0CVE-2013-7106 – Debian Security Advisory 2956-1
https://notcve.org/view.php?id=CVE-2013-7106
14 Jan 2014 — Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without auth... • http://www.openwall.com/lists/oss-security/2013/12/16/4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 78%CPEs: 44EXPL: 5CVE-2012-6096 – Nagios3 - 'history.cgi' Host Command Execution
https://notcve.org/view.php?id=CVE-2012-6096
22 Jan 2013 — Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. Múltiples desbordamientos de búfer basado en pila en la función get_history en history.cgi en Nagios core anterior a v3.4.4, y Icinga v1.6.x anterior a v1.6.2, v1.7.x anterior a v1.7.4, y ... • https://www.exploit-db.com/exploits/24159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3441
https://notcve.org/view.php?id=CVE-2012-3441
25 Aug 2012 — The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. El script de creación de base de datos (module/idoutils/db/scripts/create_mysqldb.sh) en Icinga v1.7.1 garantiza el acceso a todas las bases de datos para el usuario icinga, lo que permite a los usuarios acceder a otras bases de datos icinga a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 3%CPEs: 16EXPL: 6CVE-2011-2179 – Nagios 3.2.3 - 'expand' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-2179
14 Jun 2011 — Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o H... • https://www.exploit-db.com/exploits/35818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2011-2477
https://notcve.org/view.php?id=CVE-2011-2477
14 Jun 2011 — Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en Icinga antes de ... • https://dev.icinga.org/issues/1605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •