NotCVE - vendor:"Nagios" product:"Nagios" version:"1.0"

Page 5 of 26 results (0.003 seconds)

CVSS: 6.8EPSS: 2%CPEs: 65EXPL: 0

CVE-2008-5028

https://notcve.org/view.php?id=CVE-2008-5028

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en cmd.cgi en (1) Nagios 3.0.5 y (2) op5 Monitor antes de v4.0.1 permite a atacantes remotos enviar comandos al proceso Nagios y dispara la ejecución de programas de su elección por este proceso, mediante peticiones HTTP no especificadas. • http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18 http://marc.info/?l=bugtraq&m=124156641928637&w=2 http://osvdb.org/49678 http://secunia.com/advisories/32610 http://secunia.com/advisories/32630 http://secunia.com/advisories/33320 http://secunia.com/advisories/35002 http://security.gentoo.org/glsa/glsa-200907-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel http://www.op5.c • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2008-4796 – Feed2JS File Disclosure

https://notcve.org/view.php?id=CVE-2008-4796

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. La función _httpsrequest function (Snoopy/Snoopy.class.php) en Snoopy 1.2.3 y versiones anteriores, cuando es usada en (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost y posiblemente otros productos, permite a atacantes remotos ejecutar comandos arbitrarios a través de metacarácteres shell en URLs https. Feed2JS uses MagpieRSS for parsing the feeds, and MagpieRSS uses Snoopy library for fetching the documents. The version of Snoopy in use suffers from a local file disclosure vulnerability. • http://jvn.jp/en/jp/JVN20502807/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html http://secunia.com/advisories/32361 http://sourceforge.net/forum/forum.php?forum_id=879959 http://www.debian.org/security/2008/dsa-1691 http://www.debian.org/security/2009/dsa-1871 http://www.openwall.com/lists/oss-security/2008/11/01/1 http://www.securityfocus.com/archive/1/496068/100/0/threaded http://www.securityfocus.com/bid/31887 http://www.vupen • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-5624

https://notcve.org/view.php?id=CVE-2007-5624

Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios 2.x anterior a 2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos a secuecias de comandos CGI no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/27316 http://secunia.com/advisories/27980 http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 http://www.nagios.org/development/changelog.php#2x_branch http://www.securityfocus.com/bid/26152 http://www.vupen.com/english/advisories/2007/3567 https://bugzilla.redhat.com/show_bug.cgi?id=362791 https://bugzilla.redhat.com/show_bug.cgi?id=362801 https://exchange.xforce&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 8%CPEs: 23EXPL: 0

CVE-2006-2489

https://notcve.org/view.php?id=CVE-2006-2489

Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. • http://secunia.com/advisories/20123 http://secunia.com/advisories/20247 http://secunia.com/advisories/20313 http://www.debian.org/security/2006/dsa-1072 http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml http://www.nagios.org/development/changelog.php http://www.securityfocus.com/bid/18059 http://www.vupen.com/english/advisories/2006/1822 https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 https://usn.ubuntu.com/287-1 •

CVSS: 5.0EPSS: 10%CPEs: 2EXPL: 0

CVE-2006-2162

https://notcve.org/view.php?id=CVE-2006-2162

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. • http://secunia.com/advisories/19991 http://secunia.com/advisories/19998 http://secunia.com/advisories/20013 http://secunia.com/advisories/20215 http://secunia.com/advisories/20247 http://www.debian.org/security/2006/dsa-1072 http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml http://www.nagios.org/development/changelog.php http://www.novell.com/linux/security/advisories/2006_05_19.html http://www.securityfocus.com/bid/17879 http://www.vupen.com/english/advisori •

1...3 4 5 6