Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2018-05-16 CVE-2018-10737 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
network
low complexity
nagios CWE-89
6.5
2018-05-16 CVE-2018-10736 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
network
low complexity
nagios CWE-89
6.5
2018-05-16 CVE-2018-10735 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
network
low complexity
nagios CWE-89
6.5
2018-04-30 CVE-2018-10554 Cross-Site Request Forgery (CSRF) vulnerability in Nagios XI 5.4.13
An issue was discovered in Nagios XI 5.4.13.
network
nagios CWE-352
3.5
2018-04-30 CVE-2018-10553 Path Traversal vulnerability in Nagios XI 5.4.13
An issue was discovered in Nagios XI 5.4.13.
network
low complexity
nagios CWE-22
4.0
2018-04-18 CVE-2018-8736 Unspecified vulnerability in Nagios XI
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
network
low complexity
nagios
critical
9.0
2018-04-18 CVE-2018-8735 OS Command Injection vulnerability in Nagios XI
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
network
low complexity
nagios CWE-78
critical
9.0
2018-04-18 CVE-2018-8734 SQL Injection vulnerability in Nagios XI
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
network
low complexity
nagios CWE-89
7.5
2018-04-18 CVE-2018-8733 SQL Injection vulnerability in Nagios XI
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
network
low complexity
nagios CWE-89
7.5
2018-02-06 CVE-2015-3618 Cross-site Scripting vulnerability in Nagios Business Process Intelligence
Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving index.php.
network
nagios CWE-79
4.3