Cross-site scripting (XSS) vulnerability in Nagios. (CVSS:4.3) (Last Update:2017-04-04)
Category Archives: Nagios
Nagios
CVE-2014-5009
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. (CVSS:7.5) (Last Update:2017-04-04)
CVE-2008-7313
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. (CVSS:7.5) (Last Update:2017-04-04)
CVE-2016-10089
Nagios 4.2.4 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. (CVSS:7.2) (Last Update:2017-02-17)
CVE-2016-9565
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. (CVSS:7.5) (Last Update:2016-12-16)
CVE-2016-9566
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. (CVSS:7.2) (Last Update:2016-12-16)
CVE-2014-4701
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. (CVSS:2.1) (Last Update:2014-12-05)
CVE-2014-4703
lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain sensitive information via a symlink attack on the configuration file in the extra-opts flag. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4701. (CVSS:2.1) (Last Update:2014-12-05)
CVE-2014-4702
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. (CVSS:2.1) (Last Update:2014-12-05)
CVE-2014-1878
Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi. (CVSS:5.0) (Last Update:2014-02-28)