CVE-2007-5624
https://notcve.org/view.php?id=CVE-2007-5624
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Nagios 2.x anterior a 2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos a secuecias de comandos CGI no especificadas. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/27316 http://secunia.com/advisories/27980 http://www.mandriva.com/security/advisories?name=MDVSA-2008:067 http://www.nagios.org/development/changelog.php#2x_branch http://www.securityfocus.com/bid/26152 http://www.vupen.com/english/advisories/2007/3567 https://bugzilla.redhat.com/show_bug.cgi?id=362791 https://bugzilla.redhat.com/show_bug.cgi?id=362801 https://exchange.xforce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-2489
https://notcve.org/view.php?id=CVE-2006-2489
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. • http://secunia.com/advisories/20123 http://secunia.com/advisories/20247 http://secunia.com/advisories/20313 http://www.debian.org/security/2006/dsa-1072 http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml http://www.nagios.org/development/changelog.php http://www.securityfocus.com/bid/18059 http://www.vupen.com/english/advisories/2006/1822 https://exchange.xforce.ibmcloud.com/vulnerabilities/26454 https://usn.ubuntu.com/287-1 •
CVE-2006-2162
https://notcve.org/view.php?id=CVE-2006-2162
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. • http://secunia.com/advisories/19991 http://secunia.com/advisories/19998 http://secunia.com/advisories/20013 http://secunia.com/advisories/20215 http://secunia.com/advisories/20247 http://www.debian.org/security/2006/dsa-1072 http://www.gentoo.org/security/en/glsa/glsa-200605-07.xml http://www.nagios.org/development/changelog.php http://www.novell.com/linux/security/advisories/2006_05_19.html http://www.securityfocus.com/bid/17879 http://www.vupen.com/english/advisori •
CVE-2002-1959
https://notcve.org/view.php?id=CVE-2002-1959
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output. • http://www.iss.net/security_center/static/9508.php http://www.nagios.org/changelog.php http://www.securityfocus.com/bid/5174 •