NotCVE - vendor:"Nagios" product:"Nagios Xi" version:" <= 5.8.5"

Page 9 of 93 results (0.005 seconds)

CVSS: 9.0EPSS: 96%CPEs: 1EXPL: 4

CVE-2021-25296 – Nagios XI OS Command Injection

https://notcve.org/view.php?id=CVE-2021-25296

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. Nagios XI versión xi-5.7.5, esta afectada por una inyección de comandos del Sistema Operativo. La vulnerabilidad se presenta en el archivo /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php debido a un saneamiento inapropiado de la entrada controlada por el usuario autenticado mediante una única petición HTTP, que puede conllevar a una inyección de comandos del el servidor de Nagios XI Nagios XI version 5.7.5 suffers from a cross site scripting and multiple remote code execution vulnerabilities. Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. • http://nagios.com http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html https://assets.nagios.com/downloads/nagiosxi/versions.php https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and •

CVSS: 9.0EPSS: 96%CPEs: 1EXPL: 5

CVE-2021-25297 – Nagios XI OS Command Injection

https://notcve.org/view.php?id=CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. Nagios XI versión xi-5.7.5, esta afectada por una inyección de comandos del Sistema Operativo. La vulnerabilidad se presenta en el archivo /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php debido a un saneamiento inapropiado de la entrada controlada por el usuario autenticado mediante una única petición HTTP, lo que puede conllevar a una inyección de comandos del sistema operativo en el servidor de Nagios XI Nagios XI version 5.7.5 suffers from a cross site scripting and multiple remote code execution vulnerabilities. Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. • http://nagios.com http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html https://assets.nagios.com/downloads/nagiosxi/versions.php https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and •

CVSS: 9.0EPSS: 96%CPEs: 1EXPL: 4

CVE-2021-25298 – Nagios XI OS Command Injection

https://notcve.org/view.php?id=CVE-2021-25298

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. Nagios XI versión xi-5.7.5, esta afectada por una inyección de comandos del Sistema Operativo. La vulnerabilidad se presenta en el archivo /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php debido a un saneamiento inapropiado de la entrada controlada por el usuario autenticado mediante una única petición HTTP, lo que puede conducir a una inyección de comandos del Sistema Operativo en el servidor de Nagios XI Nagios XI version 5.7.5 suffers from a cross site scripting and multiple remote code execution vulnerabilities. Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. • http://nagios.com http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html https://assets.nagios.com/downloads/nagiosxi/versions.php https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md https://www.fastly.com/blog/anatomy-of-a-command-injection-cve-2021-25296-7-8-with-metasploit-module-and •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-26024

https://notcve.org/view.php?id=CVE-2021-26024

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account. El plugin Favorites versiones anteriores a 1.0.2 para Nagios XI versión 5.8.0, es vulnerable a una Referencia Directa a Objetos No Segura: es posible crear favoritos para cualquier otra cuenta de usuario • https://www.nagios.com/products/security • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-26023

https://notcve.org/view.php?id=CVE-2021-26023

The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. El plugin Favorites versiones anteriores a 1.0.2 para Nagios XI versión 5.8.0, es vulnerable a un ataque de tipo XSS • https://www.nagios.com/products/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...7 8 9 10 11