Page 5 of 33 results (0.011 seconds)

CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 6

Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro expand, como se demuestra por (a) la acción command o (b) una acción hosts. • https://www.exploit-db.com/exploits/35818 http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html http://secunia.com/advisories/44974 http://securityreason.com/securityalert/8274 http://tracker.nagios.org/view.php?id=224 http://www.openwall.com/lists/oss-security/2011/06/01/10 http://www.openwall.com/lists/oss-security/2011/06/02/6 http://www.rul3z.de/advisories/SSCHADV2011-005.txt http://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 63EXPL: 2

Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en statusmap.c en statusmap.cgi en Nagios v3.2.3 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de la capa. • http://openwall.com/lists/oss-security/2011/03/25/3 http://openwall.com/lists/oss-security/2011/03/28/4 http://secunia.com/advisories/43287 http://secunia.com/advisories/44974 http://securityreason.com/securityalert/8241 http://tracker.nagios.org/view.php?id=207 http://www.rul3z.de/advisories/SSCHADV2011-002.txt http://www.ubuntu.com/usn/USN-1151-1 https://bugzilla.redhat.com/show_bug.cgi?id=690877 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 97%CPEs: 32EXPL: 4

statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. statuswml.cgi en Nagios v3.1.1, permite a atacantes remotos ejecutar comandos de su elección a través de metacaracteres de consola en los parámetros (1) ping o (2) Traceroute. • https://www.exploit-db.com/exploits/33051 https://www.exploit-db.com/exploits/16908 https://www.exploit-db.com/exploits/9861 http://marc.info/?l=bugtraq&m=126996888626964&w=2 http://secunia.com/advisories/35543 http://secunia.com/advisories/35688 http://secunia.com/advisories/35692 http://secunia.com/advisories/39227 http://security.gentoo.org/glsa/glsa-200907-15.xml http://tracker.nagios.org/view.php?id=15 http://www.debian.org/security/2009/dsa-1825 http: • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 0%CPEs: 55EXPL: 0

Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." Vulnerabilidad no especificada en Nagios versiones anteriores a v3.0.6 tiene un impacto no especificado y vectores de ataque remoto relacionados con los programas CGI, "comandos de adaptación externa", e "introducción de nuevas líneas y envío de comentarios de servicio". • http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://secunia.com/advisories/32909 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://www.nagios.org/development/history/nagios-3x.php http://www.nagios.org/news/#88 http://www.securityfocus.com/bid/32611 http://www.securitytracker.com/id?1022165 http://www.vupen.com/english/advisories/2009/1256 https://exchange.xforce.ibmcloud.com/vulnerabilities/47081 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 4%CPEs: 65EXPL: 0

The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. El proceso Nagios en (1) Nagios anterior a v3.0.5 y (2) op5 Monitor anterior a v4.0.1 ; permite a usuarios autenticados en remoto evitar las comprobaciones de autorización y provocar la ejecución de ficheros de su elección por este proceso a través de (a) un formulario personalizado o (b) un complemento para el navegador. • http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.nagios.org/development/history/nagios-3x.php http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor http://www.openwall.com/lists/oss-security/2008/11/06/2 http&# • CWE-264: Permissions, Privileges, and Access Controls •