CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40272
https://notcve.org/view.php?id=CVE-2021-40272
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS). OP5 Monitor 8.3.1, 8.3.2 y OP5 8.3.3 son vulnerables a Cross Site Scripting (XSS). • https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1CVE-2014-4907
https://notcve.org/view.php?id=CVE-2014-4907
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. Vulnerabildad de XSS en share/pnp/application/views/kohana_error_page.php en PNP4Nagios anterior a 0.6.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro que no se maneja debidamente en un mensaje de error. • http://docs.pnp4nagios.org/pnp-0.6/dwnld http://openwall.com/lists/oss-security/2014/07/11/3 http://secunia.com/advisories/59535 http://secunia.com/advisories/59603 http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9 http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes http://www.securityfocus.com/bid/68350 https://bugs.op5.com/view.php?id=8761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 29EXPL: 0CVE-2013-6141
https://notcve.org/view.php?id=CVE-2013-6141
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. Vulnerabilidad no especificada en op5 Monitor anterior a la versión 6.1.3 permite a atacantes remotos leer archivos arbitrarios a través de vectores desconocidos relacionados con una falta de autorización. • https://bugs.op5.com/view.php?id=7677 •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 1CVE-2012-0264 – OP5 Command Execution / Information Disclosure
https://notcve.org/view.php?id=CVE-2012-0264
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. Monitor y Appliance op5 anterior a 5.5.0 no gestionan adecuadamente las cookies de sesión, que permite a atacantes remotos tener un impacto no especificado a través de vectores no especificados. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47344 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78066 https://bugs.op5.com/view.php?id=5094 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 85%CPEs: 6EXPL: 1CVE-2012-0261 – OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-0261
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action. El codigo license.php en system-portal anterior a 1.6.2 del Monitor y Appliance op5 anterior a 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el parámetro de marca de tiempo para una acción de instalación. OP5 suffers from poor session management, credential leakage and multiple remote root command execution vulnerabilities. • https://www.exploit-db.com/exploits/41686 http://seclists.org/fulldisclosure/2012/Jan/62 http://secunia.com/advisories/47417 http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance http://www.osvdb.org/78064 https://bugs.op5.com/view.php?id=5094 http://web.archive.org/web/20140724161718/http://secunia.com/advisories/47417 • CWE-94: Improper Control of Generation of Code ('Code Injection') •