Vulnerabilities > Nagios > Nagios > 1.0b1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-03 | CVE-2011-1523 | Cross-Site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. | 4.3 |
2009-07-01 | CVE-2009-2288 | OS Command Injection vulnerability in Nagios statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | 7.5 |
2009-03-02 | CVE-2008-6373 | Code Injection vulnerability in Nagios Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | 5.0 |
2008-11-10 | CVE-2008-5027 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. | 6.5 |
2008-05-13 | CVE-2007-5803 | Cross-Site Scripting vulnerability in Nagios Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360. | 4.3 |
2006-05-19 | CVE-2006-2489 | Remote Content-Length Integer Overflow vulnerability in Nagios Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. | 7.5 |