25 matches found
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
UBUNTU-CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
EUVD-2016-7947
Malware in sbrugna...
EUVD-2014-6289
Malware in sbrugna...
EUVD-2003-1074
Malware in sbrugna...
CVE-2022-26563
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization...
SUSE CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service...
SUSE CVE-2019-11454
Persistent cross-site scripting XSS in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
DEBIAN-CVE-2019-11455
A buffer over-read in UtilurlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service application outage...
M/Monit Elevation of Privilege Vulnerability
M/Monit monitors and manages distributed computer systems, performs automated maintenance and remediation, and performs meaningful causal behavior in the event of an error. An elevation of privilege vulnerability exists in /admin/users/update in versions of M/Monit prior to 3.7.3. An unprivileged...
UBUNTU-CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service...
CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service segmentation fault by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service segmentation fault by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
DEBIAN-CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service segmentation fault by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
CVE-2004-1899
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes...
Monit <= 4.2 Basic Authentication Remote Root Exploit
Exploit for linux platform in category remote exploits ===================================================== Monit linuxmailorg - Abhisek Datta abhisekfrontru 06.04.2004 http://www.eos-india.net New Targets : RedHat 9 Fedora Core 2 Slackware 8.1 Update Code :...
Monit <= 4.2 Basic Authentication Remote Root Exploit
No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit = 4.2 Vulnerability: Buffer overflow in handling of Basic Authentication informations. Server authenticates clients through: Authentication: Basic...