CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3441
https://notcve.org/view.php?id=CVE-2012-3441
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. El script de creación de base de datos (module/idoutils/db/scripts/create_mysqldb.sh) en Icinga v1.7.1 garantiza el acceso a todas las bases de datos para el usuario icinga, lo que permite a los usuarios acceder a otras bases de datos icinga a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html http://www.openwall.com/lists/oss-security/2012/07/30/6 http://www.openwall.com/lists/oss-security/2012/07/30/7 https://bugzilla.novell.com/show_bug.cgi?id=767319 https://exchange.xforce.ibmcloud.com/vulnerabilities/78874 https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=712813d3118a5b9e5a496179cab81dbe91f69d63 https://git.icinga.org/?p=icinga-core.git%3Ba=commitdiff%3Bh=dcd45fb6931c4abf710829bee21af09f842bc281 https://g • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 15EXPL: 0CVE-2011-2477
https://notcve.org/view.php?id=CVE-2011-2477
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en Icinga antes de v1.4.1, cuando escape_html_tags está desactivado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una expresión JavaScript, como lo demuestra el atributo onload de un elemento BODY localizado después de un check-host-alive! secuencia, una vulnerabilidad diferente de CVE-2011-2179. • https://dev.icinga.org/issues/1605 https://exchange.xforce.ibmcloud.com/vulnerabilities/68056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 2%CPEs: 16EXPL: 6CVE-2011-2179 – Nagios 3.2.3 - 'expand' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-2179
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en config.c en config.cgi en (1) Nagios v3.2.3 y (2) Icinga antes de v1.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro expand, como se demuestra por (a) la acción command o (b) una acción hosts. • https://www.exploit-db.com/exploits/35818 http://archives.neohapsis.com/archives/bugtraq/2011-06/0017.html http://archives.neohapsis.com/archives/bugtraq/2011-06/0018.html http://secunia.com/advisories/44974 http://securityreason.com/securityalert/8274 http://tracker.nagios.org/view.php?id=224 http://www.openwall.com/lists/oss-security/2011/06/01/10 http://www.openwall.com/lists/oss-security/2011/06/02/6 http://www.rul3z.de/advisories/SSCHADV2011-005.txt http://w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •