Lucene search
K

57 matches found

OSV
OSV
added 2018/09/05 9:29 p.m.4 views

CVE-2018-16144

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...

9.8CVSS5.8AI score0.32692EPSS
Exploits3References4
NVD
NVD
added 2018/09/05 9:29 p.m.20 views

CVE-2018-16147

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.1CVSS6.2AI score0.01311EPSS
Exploits3References4
NVD
NVD
added 2018/09/05 9:29 p.m.16 views

CVE-2018-16146

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...

9CVSS7.3AI score0.06197EPSS
Exploits3References3
Prion
Prion
added 2018/09/05 9:29 p.m.22 views

Cross site scripting

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

4.3CVSS6.8AI score0.01311EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2018/09/05 9:29 p.m.10 views

Design/Logic Flaw

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

9.3CVSS8.4AI score0.02308EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2018/09/05 9:29 p.m.25 views

Cross site scripting

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

4.3CVSS6.8AI score0.01311EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2018/09/05 9:29 p.m.16 views

Command injection

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...

10CVSS9.7AI score0.32692EPSS
Exploits3References4Affected Software1
Prion
Prion
added 2018/09/05 9:29 p.m.21 views

Command injection

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...

9CVSS7.8AI score0.06197EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2018/09/05 9:0 p.m.43 views

CVE-2018-16146

Opsview Monitor 5.x (5.4.x) prior to 5.4.2 contains CVE-2018-16146 where an authenticated administrator can trigger command execution by abusing the web management console test-notification feature. The issue is caused by improper sanitization of the value parameter, enabling arbitrary command in...

9CVSS7.8AI score0.06197EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.28 views

CVE-2018-16147

The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.9AI score0.01311EPSS
Exploits3References4
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.17 views

CVE-2018-16146

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...

7.9AI score0.06197EPSS
Exploits3References3
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.17 views

CVE-2018-16145

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

8.5AI score0.02308EPSS
Exploits3References4
CVE
CVE
added 2018/09/05 9:0 p.m.58 views

CVE-2018-16144

CVE-2018-16144 affects Opsview Monitor NetAudit: the test connection function can be abused to inject commands via the rancid_password parameter. CoreLabs/ThreatPost detail remote command execution possibilities with PoCs showing reverse shells, affecting Opsview Monitor 5.4, 5.3 and 5.2. Fixed i...

10CVSS9.7AI score0.32692EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.19 views

CVE-2018-16144

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...

9.8AI score0.32692EPSS
Exploits3References4
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.24 views

CVE-2018-16148

The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...

6.9AI score0.01311EPSS
Exploits3References4
CVE
CVE
added 2018/09/05 9:0 p.m.54 views

CVE-2018-16147

Opsview Monitor CVE-2018-16147 is a stored XSS in the data parameter of the /settings/api/router endpoint. Affected versions include Opsview Monitor 5.3 and 5.4 (and 5.2 per CORE-2018-0008) prior to fixes. The vulnerability can allow an attacker to inject JavaScript executed in the context of an ...

6.1CVSS6.8AI score0.01311EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2018/09/05 9:0 p.m.54 views

CVE-2018-16145

Opsview Monitor vulnerability CVE-2018-16145 affects the boot-time script /etc/init.d/opsview-reporting-module, which runs with Nagios privileges and can be used to elevate to root after a reboot by editing the /opt/opsview/jasper/bin/db_jasper component. The root cause is that the vulnerable scr...

9.3CVSS8.4AI score0.02308EPSS
Exploits3References4Affected Software1
CNVD
CNVD
added 2018/09/05 12:0 a.m.4 views

Opsview Monitor Command Execution Vulnerability

Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor has a command execution vulnerability that allows an attacker to gain acces...

9CVSS7.6AI score0.06197EPSS
Exploits3References1
CNVD
CNVD
added 2018/09/05 12:0 a.m.4 views

Opsview Monitor Cross-Site Scripting Vulnerability (CNVD-2018-17454)

Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor suffers from a cross-site scripting vulnerability that can be exploited by ...

6.1CVSS6.3AI score0.01311EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2018/09/05 12:0 a.m.79 views

Opsview Monitor 5.x Command Execution

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL:...

4.3CVSS0.1AI score0.32692EPSS
Exploits9
Rows per page
Query Builder