Vulnerabilities > Nagios

DATE CVE VULNERABILITY TITLE RISK
2011-06-14 CVE-2011-2179 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.
network
icinga nagios CWE-79
4.3
4.3
2011-05-03 CVE-2011-1523 Cross-Site Scripting vulnerability in Nagios
Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.
network
nagios CWE-79
4.3
4.3
2009-07-01 CVE-2009-2288 OS Command Injection vulnerability in Nagios
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
network
low complexity
nagios CWE-78
7.5
7.5
2009-03-02 CVE-2008-6373 Code Injection vulnerability in Nagios
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
network
low complexity
nagios CWE-94
5.0
5.0
2008-11-10 CVE-2008-5027 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
network
low complexity
nagios op5 CWE-264
6.5
6.5
2008-10-30 CVE-2008-4796 OS Command Injection vulnerability in multiple products
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
network
low complexity
snoopy-project debian nagios wordpress CWE-78
critical
 10.0
10
2008-05-13 CVE-2007-5803 Cross-Site Scripting vulnerability in Nagios
Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.
network
nagios CWE-79
4.3
4.3
2008-03-17 CVE-2008-1360 Cross-Site Scripting vulnerability in Nagios
Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts, a different issue than CVE-2007-5624.
network
nagios CWE-79
4.3
4.3
2007-10-23 CVE-2007-5624 Cross-Site Scripting vulnerability in Nagios 2.0.1/2.1.3
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
network
nagios CWE-79
4.3
4.3
2007-10-23 CVE-2007-5623 Buffer Errors vulnerability in Nagios Plugins 1.4.10
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
network
low complexity
nagios CWE-119
5.0
5.0