CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5624
https://notcve.org/view.php?id=CVE-2007-5624
23 Oct 2007 — Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios 2.x anterior a 2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos a secuecias de comandos CGI no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2006-2489
https://notcve.org/view.php?id=CVE-2006-2489
19 May 2006 — Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. • http://secunia.com/advisories/20123 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2006-2162
https://notcve.org/view.php?id=CVE-2006-2162
03 May 2006 — Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. • http://secunia.com/advisories/19991 •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1959
https://notcve.org/view.php?id=CVE-2002-1959
31 Dec 2002 — Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. • http://www.iss.net/security_center/static/9508.php •