65 matches found
CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...
CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...
CVE-2023-22497
Netdata CVE-2023-22497 concerns a streaming configuration flaw where a valid MACHINE_GUID could be used as an API key in stream.conf, allowing non-trusted users to access parent/child Netdata Agents. Affects Netdata agents that expose streaming functionality; attacker could leverage this to acces...
CVE-2023-22497
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has...
CVE-2023-22496 Netdata vulnerable to command injection
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...
CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function healthalarmexecute is called. This...
CVE-2023-22496
CVE-2023-22496 affects Netdata. An attacker able to establish a streaming connection can manipulate a health alert’s non-sanitized argument (registry_hostname) to cause the Netdata agent to execute arbitrary commands on the remote host as the netdata user. This is triggered during health_alarm_ex...
OpServices OpMon Cross-Site Scripting Vulnerability
OpServices OpMon is IT infrastructure monitoring software from OpServices Brazil. It can help your organization manage events in an automated manner.OpServices OpMon version 9.11 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client...
[SECURITY] Fedora 34 Update: zabbix-5.0.21-1.fc34
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
Atlassian Bugs Could Have Led to 1-Click Takeover
Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research CPR published a report PDF outlining how an attacker could have exploited the...
The vulnerability of the cron/cmd_subsys.php implementation of the software for monitoring IT infrastructure by Nagios Fusion allows a perpetrator to escalate their privileges.
The vulnerability of the cron/cmdsubsys.php implementation of the Nagios Fusion IT infrastructure monitoring software is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Zoho ManageEngine OpManager Remote Code Execution Vulnerability (CNVD-2021-30701)
ZOHO ZOHO ManageEngine OpManager is an end-to-end integrated network management software, which can realize all-round, visualized, unified and centralized monitoring and management of IT infrastructure such as network devices, servers, hosts, WAN links, applications and services within the...
Weak password vulnerability in xbrother data center infrastructure monitoring
Ltd. is China's leading green and intelligent data center total solution provider, dedicated to making data centers simpler, safer, more efficient and energy-saving. In the fields of modular data center, monitoring and management, energy-saving transformation and remote operation and maintenance...
Nagios XI Code Injection Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A code injection vulnerability exists in Nagios XI versions prior to 5.7. The vulnerability stems from the...
Cabot 0.11.12 Cross Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
Cabot 0.11.12 - Persistent Cross-Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...
Centreon 19.10.5 - centreontrapd Remote Command Execution
Centreon 19.10.5 - centreontrapd Remote Command Execution Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version:...
Centreon 19.10.5 - 'Pollers' Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...