57 matches found
CVE-2018-16144
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
CVE-2018-16147
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16146
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...
Cross site scripting
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
Design/Logic Flaw
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...
Cross site scripting
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
Command injection
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
Command injection
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...
CVE-2018-16146
Opsview Monitor 5.x (5.4.x) prior to 5.4.2 contains CVE-2018-16146 where an authenticated administrator can trigger command execution by abusing the web management console test-notification feature. The issue is caused by improper sanitization of the value parameter, enabling arbitrary command in...
CVE-2018-16147
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16146
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...
CVE-2018-16144
CVE-2018-16144 affects Opsview Monitor NetAudit: the test connection function can be abused to inject commands via the rancid_password parameter. CoreLabs/ThreatPost detail remote command execution possibilities with PoCs showing reverse shells, affecting Opsview Monitor 5.4, 5.3 and 5.2. Fixed i...
CVE-2018-16144
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16147
Opsview Monitor CVE-2018-16147 is a stored XSS in the data parameter of the /settings/api/router endpoint. Affected versions include Opsview Monitor 5.3 and 5.4 (and 5.2 per CORE-2018-0008) prior to fixes. The vulnerability can allow an attacker to inject JavaScript executed in the context of an ...
CVE-2018-16145
Opsview Monitor vulnerability CVE-2018-16145 affects the boot-time script /etc/init.d/opsview-reporting-module, which runs with Nagios privileges and can be used to elevate to root after a reboot by editing the /opt/opsview/jasper/bin/db_jasper component. The root cause is that the vulnerable scr...
Opsview Monitor Command Execution Vulnerability
Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor has a command execution vulnerability that allows an attacker to gain acces...
Opsview Monitor Cross-Site Scripting Vulnerability (CNVD-2018-17454)
Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor suffers from a cross-site scripting vulnerability that can be exploited by ...
Opsview Monitor 5.x Command Execution
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL:...