1445 matches found
CVE-2021-40906
CheckMK Raw Edition software versions 1.5.0 to 1.6.0 do not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content that is interpreted by the browser, such as JavaScript or other...
CVE-2021-40905
The web management console of CheckMK Enterprise Edition versions 1.5.0 to 2.0.0p9 does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code execution possible. Successful exploitation requires access to the web management interface, either with...
CVE-2021-40905
The CVE-2021-40905 issue affects Checkmk Enterprise Edition where the web management console does not properly sanitize uploads of ".mkp" Extension Packages, enabling remote code execution. OpenVAS details list Checkmk versions 1.5.x through 2.0.0p17 as vulnerable; the NVD entry covers 1.5.0–2.0....
CVE-2021-40904
CVE-2021-40904 affects CheckMK Raw Edition versions 1.5.0–1.6.0. A misconfiguration in the default Dokuwiki web-app allows embedding PHP code, leading to remote code execution. Exploitation requires access to the web management interface, with valid credentials or a hijacked admin session. The ...
CVE-2021-40904
The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...
CheckMK Raw Edition Cross-Site Scripting Vulnerability
tribe29 CheckMK Raw Edition is a comprehensive and flexible IT monitoring system from tribe29 Germany. A security vulnerability exists in CheckMK Raw Edition that allows an attacker to open a backdoor on the device with HTML content that is interpreted by the browser e.g., JavaScript or other...
PT-2022-11333 · Unknown · Checkmk Enterprise Edition
Name of the Vulnerable Software and Affected Versions: CheckMK Enterprise Edition versions 1.5.0 through 2.0.0p9
Description: The web management console of CheckMK Enterprise Edition does not properly sanitise the uploading of ".mkp" files, which are Extension Packages, making remote code executi...
Checkmk Code Issue Vulnerability
Checkmk is an editor. A code issue vulnerability exists in CheckMK Enterprise Edition that stems from a successful exploit requiring access to the web administration interface using valid credentials or by hijacking the session of a user with the administrator role...
PT-2022-11332 · Unknown +1 · Checkmk Raw Edition +1
Name of the Vulnerable Software and Affected Versions: CheckMK Raw Edition versions 1.5.0 through 1.6.0
Description: The issue concerns a misconfiguration in the web management console of CheckMK Raw Edition, specifically with the Dokuwiki web-app that is installed by default. This misconfigurati...
CheckMK Raw Edition Security Vulnerability
tribe29 CheckMK Raw Edition is a comprehensive and flexible IT monitoring system from tribe29, Germany. A security vulnerability exists in CheckMK Raw Edition that originates from a successful exploit that requires the use of valid credentials or a user with the administrator role to hijack a...
Checkmk Cross-Site Scripting Vulnerability (CNVD-2022-17021)
Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk versions 2.0.0p19 and earlier and 1.6.0p27 and earlier, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit this vulnerability to execute client-side code...
Checkmk Cross-Site Scripting Vulnerability (CNVD-2022-71406)
Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk versions 2.0.0p19 and earlier and 1.6.0p27 and earlier. The vulnerability stems from the failure to properly escape the title of a predefined condition when displayed as a condition, which can be exploited by attackers t...
CVE-2022-24565
Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...
CVE-2022-24566
In Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28), the title of a Predefined condition is not properly escaped when shown as condition, which can result in Cross Site Scripting (XSS)...
UBUNTU-CVE-2022-24565
Checkmk <=2.0.0p19 (fixed in 2.0.0p20) and Checkmk <=1.6.0p27 (fixed in 1.6.0p28) are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as condition for notifications...