
CVE-2021-25299 – Nagios XI 5.7.5 Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-25299
15 Feb 2021 — Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. • https://packetstorm.news/files/id/161561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-25296 – Nagios XI OS Command Injection
https://notcve.org/view.php?id=CVE-2021-25296
15 Feb 2021 — Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. • https://packetstorm.news/files/id/170924

CVE-2021-25297 – Nagios XI OS Command Injection
https://notcve.org/view.php?id=CVE-2021-25297
15 Feb 2021 — Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. • https://packetstorm.news/files/id/170924

CVE-2021-25298 – Nagios XI OS Command Injection
https://notcve.org/view.php?id=CVE-2021-25298
15 Feb 2021 — Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. • https://packetstorm.news/files/id/170924 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-26024
https://notcve.org/view.php?id=CVE-2021-26024
03 Feb 2021 — The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. • https://www.nagios.com/products/security • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2021-26023
https://notcve.org/view.php?id=CVE-2021-26023
03 Feb 2021 — The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. • https://www.nagios.com/products/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-3193
https://notcve.org/view.php?id=CVE-2021-3193
22 Jan 2021 — Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. Improper access and command validation in the Nagios XI Docker Config Wizard before 5.8.0 allows an authenticated attacker to execute remote code as the Apache user. • https://www.nagios.com/products/security

CVE-2020-35578 – Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)
https://notcve.org/view.php?id=CVE-2020-35578
13 Jan 2021 — An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. • https://packetstorm.news/files/id/162207 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-27991
https://notcve.org/view.php?id=CVE-2020-27991
16 Nov 2020 — Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-27990
https://notcve.org/view.php?id=CVE-2020-27990
16 Nov 2020 — Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')