CVE-2024-39915
- EPSS 0.21%
- Published 15.07.2024 20:15:03
- Last modified 21.11.2024 09:28:33
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF...
CVE-2024-23822
- EPSS 0.3%
- Published 29.01.2024 16:15:09
- Last modified 21.11.2024 08:58:29
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have...
CVE-2023-34096
- EPSS 45.11%
- Published 08.06.2023 19:15:09
- Last modified 21.11.2024 08:06:32
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to up...
CVE-2021-35490
- EPSS 0.3%
- Published 15.12.2021 20:15:08
- Last modified 21.11.2024 06:12:22
Thruk before 2.44 allows XSS for a quick command.
CVE-2021-35488
- EPSS 12.8%
- Published 09.11.2021 23:15:08
- Last modified 21.11.2024 06:12:21
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user ...
CVE-2021-35489
- EPSS 0.4%
- Published 09.11.2021 23:15:08
- Last modified 21.11.2024 06:12:21
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload woul...