Monit Security Vulnerabilities

CVE-2022-26563

An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2023-07-18 02:15 PM

CVE-2019-11455

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application...

CVSS: 8.1, AI Score: 7.5, EPSS: 0.002

2019-04-22 04:29 PM

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during...

CVSS: 6.1, AI Score: 6.3, EPSS: 0.002

2019-04-22 04:29 PM

CVE-2019-11393

An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin...

CVSS: 9.8, AI Score: 7.6, EPSS: 0.081

2019-04-22 11:29 AM

CVE-2016-7067

Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific...

CVSS: 6.5, AI Score: 6.1, EPSS: 0.001

2018-09-10 02:29 PM

CVE-2014-6409

Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to...

AI Score: 7.4, EPSS: 0.007

2014-10-06 11:55 PM

CVE-2014-6607

M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than...

AI Score: 7.2, EPSS: 0.012

2014-10-06 11:55 PM

CVE-2004-1899

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024...

AI Score: 7.1, EPSS: 0.016

2004-12-31 05:00 AM

CVE-2004-1898

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long...

AI Score: 8.3, EPSS: 0.195

2004-12-31 05:00 AM

CVE-2003-1083

Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP...

AI Score: 8.2, EPSS: 0.132

2003-12-31 05:00 AM

CVE-2003-1084

Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length...

AI Score: 6.8, EPSS: 0.065

2003-11-24 05:00 AM