9 matches found
PT-2023-7871 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI affected versions not specified Description: The issue is related to the Custom Includes module of Nagios XI, which is vulnerable to unrestricted file upload of dangerous types. This could allow a remote attacker to execute arbitrar...
CVE-2021-40344
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...
Sql injection
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...
CVE-2021-40344
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...
Nagios XI 代码问题漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.8.5, which stems from the software's lack of...
Nagios XI Manage.php Directory Traversal (CVE-2021-3277)
A directory traversal vulnerability exists in Nagios XI. The vulnerability is due to insufficient validation of the request parameters in manage.php of the Custom-includes module...
CVE-2021-3277
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...
CVE-2021-3277
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...
Nagios XI代码问题漏洞
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An arbitrary file upload vulnerability exists in Nagios XI 5.7.5 and earlier versions. The vulnerability stems from improper validatio...