Vulnerabilities > Nagios > Nagios > 3.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-01-22 | CVE-2012-6096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. | 7.5 |
2011-05-03 | CVE-2011-1523 | Cross-Site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. | 4.3 |
2009-07-01 | CVE-2009-2288 | OS Command Injection vulnerability in Nagios statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | 7.5 |
2009-03-02 | CVE-2008-6373 | Code Injection vulnerability in Nagios Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | 5.0 |
2008-10-30 | CVE-2008-4796 | OS Command Injection vulnerability in multiple products The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | 10.0 |