Vulnerabilities > Nagios > Nagios > 3.0.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-01-22 | CVE-2012-6096 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. | 7.5 |
2011-05-03 | CVE-2011-1523 | Cross-Site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. | 4.3 |
2009-07-01 | CVE-2009-2288 | OS Command Injection vulnerability in Nagios statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. | 7.5 |
2008-10-30 | CVE-2008-4796 | OS Command Injection vulnerability in multiple products The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs. | 10.0 |