CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16834 – Gentoo Linux Security Advisory 201806-09
https://notcve.org/view.php?id=CVE-2017-16834
16 Nov 2017 — PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. En PNP4Nagios hasta la versión 0.6.26, /usr/bin/npcd y npcd.cfg son propiedad de una cuenta sin privilegios, pero la ejecución de código root depende de estos archivos. Esto permite que usuarios locales obtengan privilegios aprovechando el acceso a esta cuenta sin privilegios. A... • https://github.com/lingej/pnp4nagios/issues/140 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1CVE-2014-4907
https://notcve.org/view.php?id=CVE-2014-4907
11 Jul 2014 — Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message. Vulnerabildad de XSS en share/pnp/application/views/kohana_error_page.php en PNP4Nagios anterior a 0.6.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro que no se maneja debidamente en un mensaje de e... • http://docs.pnp4nagios.org/pnp-0.6/dwnld • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 2CVE-2014-4908
https://notcve.org/view.php?id=CVE-2014-4908
11 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/template.php, leading to improper handling within an http-equiv="refresh" META element. Múltiples vulnerabilidades de XSS en PNP4Nagios hasta 0.6.22 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la UR... • http://openwall.com/lists/oss-security/2014/07/11/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2012-3457
https://notcve.org/view.php?id=CVE-2012-3457
12 Aug 2012 — PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. PNP4Nagios de v0.6 hasta v0.6.16 utiliza permisos de lectura para process_perfdata.cfg, el cual podría permitir a usuarios locales obtener la clave compartida Gearman mediante la lectura del fichero. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879 • CWE-264: Permissions, Privileges, and Access Controls •