Nagios

Nagios Xi

195 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.63%
  • Veröffentlicht 25.02.2021 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:11

Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

Exploit
  • EPSS 14.28%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:16

NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all techn...

Exploit
  • EPSS 16.61%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:16:10

Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.

Warnung Exploit
  • EPSS 71.54%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 09.07.2026 13:39:49

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by ...

Warnung Exploit
  • EPSS 58.74%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 09.07.2026 13:39:51

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single...

Warnung Exploit
  • EPSS 75.2%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 09.07.2026 13:39:54

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a si...

Exploit
  • EPSS 97.71%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 09.07.2026 01:16:47

Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an...

  • EPSS 9.77%
  • Veröffentlicht 26.01.2021 18:16:28
  • Zuletzt bearbeitet 21.11.2024 06:21:06

Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.

Exploit
  • EPSS 81.92%
  • Veröffentlicht 13.01.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:37

An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.

  • EPSS 21.75%
  • Veröffentlicht 16.11.2020 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:22:09

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).