Vulnerabilities for 'Nagios xi'

2018-05-16
 
CVE-2018-10738

CWE-89
 

 
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.

 
 
CVE-2018-10737

CWE-89
 

 
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.

 
 
CVE-2018-10736

CWE-89
 

 
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.

 
 
CVE-2018-10735

CWE-89
 

 
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.

 
2018-04-29
 
CVE-2018-10554

CWE-79
 

 
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.

 
 
CVE-2018-10553

CWE-22
 

 
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.

 
2013-11-26
 
CVE-2013-6875

CWE-89
 

 
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.

 



Copyright 2018, cxsecurity.com

 
