CVE-2011-2179 – Nagios 3.2.3 - 'expand' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-2179
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
• https://www.exploit-db.com/exploits/35818
• http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html
• http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html
• http://secunia.com/advisories/44974
• http://securityreason.com/securityalert/8274
• http://tracker.nagios.org/view.php?id=224
• http://www.openwall.com/lists/oss-security/2011/06/01/10
• http://www.openwall.com/lists/oss-security/2011/06/02/6
• http://www.rul3z.de/advisories/SSCHADV2011-005.txt
• http://w
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1523
https://notcve.org/view.php?id=CVE-2011-1523
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
• http://openwall.com/lists/oss-security/2011/03/25/3
• http://openwall.com/lists/oss-security/2011/03/28/4
• http://secunia.com/advisories/43287
• http://secunia.com/advisories/44974
• http://securityreason.com/securityalert/8241
• http://tracker.nagios.org/view.php?id=207
• http://www.rul3z.de/advisories/SSCHADV2011-002.txt
• http://www.ubuntu.com/usn/USN-1151-1
• https://bugzilla.redhat.com/show_bug.cgi?id=690877
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2288 – Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
https://notcve.org/view.php?id=CVE-2009-2288
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
• https://www.exploit-db.com/exploits/33051
• https://www.exploit-db.com/exploits/16908
• https://www.exploit-db.com/exploits/9861
• http://marc.info/?l=bugtraq&m=126996888626964&w=2
• http://secunia.com/advisories/35543
• http://secunia.com/advisories/35688
• http://secunia.com/advisories/35692
• http://secunia.com/advisories/39227
• http://security.gentoo.org/glsa/glsa-200907-15.xml
• http://tracker.nagios.org/view.php?id=15
• http://www.debian.org/security/2009/dsa-1825
• http:
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2008-6373
https://notcve.org/view.php?id=CVE-2008-6373
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
• http://marc.info/?l=bugtraq&m=124156641928637&w=2
• http://secunia.com/advisories/32909
• http://secunia.com/advisories/35002
• http://security.gentoo.org/glsa/glsa-200907-15.xml
• http://www.nagios.org/development/history/nagios-3x.php
• http://www.nagios.org/news/#88
• http://www.securityfocus.com/bid/32611
• http://www.securitytracker.com/id?1022165
• http://www.vupen.com/english/advisories/2009/1256
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47081
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-5028
https://notcve.org/view.php?id=CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
• http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18
• http://marc.info/?l=bugtraq&m=124156641928637&w=2
• http://osvdb.org/49678
• http://secunia.com/advisories/32610
• http://secunia.com/advisories/32630
• http://secunia.com/advisories/33320
• http://secunia.com/advisories/35002
• http://security.gentoo.org/glsa/glsa-200907-15.xml
• http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel
• http://www.op5.c
• CWE-352: Cross-Site Request Forgery (CSRF)