Nagios XI Network Monitor Graph Explorer Component Command Injection
This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting them into several parameters, such as visApi.php's 'host' parameter, which results in remote code execution. This module requires...
Nagios XI Network Monitor 2011R1.9 OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine...
DEBIAN-CVE-2012-3513
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command...
Directory traversal
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file...
CVE-2012-5171
Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows remote attackers to create or overwrite arbitrary files via a crafted archive file...
CVE-2012-5171
CVE-2012-5171 affects BeZIP before 3.10 from Be Graph Co., Ltd. A directory traversal vulnerability in the extraction process allows a crafted archive to create or overwrite arbitrary files on an affected system. The root cause is improper validation of archive paths during extraction, enabling ac...
JVN#18223913: BeZIP vulnerable to directory traversal
BeZIP provided by Be Graph Co.,Ltd. is a file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Impact An arbitrary file may be created or altered when extracting a specially crafted file. Solution Update the software Update to the...
[SECURITY] Fedora 17 Update: munin-2.0.6-2.fc17
Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your...
CVE-2011-5146
Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot...
Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a deni...
DEBIAN-CVE-2012-4678
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters...
DEBIAN-CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...
CVE-2012-2147
munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) sizex or (2) sizey parameters...
Code injection
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters...
CVE-2012-4678
CVE-2012-4678 affects munin-cgi-graph in Munin 2.0 rc4. Root cause: it does not delete temporary files, allowing remote attackers to cause DoS via many requests to an image with unique parameters. Public documents do not specify a patch/workaround or explicit exploit details.
CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...
CVE-2012-4678
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012. CVE: CVE-2012-0391. OSVDB: 78277. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: Struts uses...
CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to 1...