The vulnerability in the Nagios XI monitoring tool’s script for nagiosxi/admin/banner_message-ajaxhelper.php allows a attacker to disclose protected information.

The vulnerability in the nagiosxi/admin/bannermessage-ajaxhelper.php script of Nagios XI relates to the failure to protect the SQL query structure during the processing of the ID parameter. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

Nagios 安全漏洞

Nagios is a set of open source and free network monitoring tools from the American company Nagios. An access control error vulnerability exists in Nagios Fusion version 4.1.8 and earlier, which can be exploited by an attacker to extract the password used to manage the Fusion server via the...

Nagios XI Arbitrary Command Execution Vulnerability (CNVD-2020-64267)

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. An arbitrary command execution vulnerability exists in the ajaxhelper.php file in Nagios XI versions prior ...

CVE-2020-15901

In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...

CVE-2018-10554

An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in 1 the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; 2 includes/components/xicore/downtime.php, related to the updatepages function; 3 the ajaxhelper.ph...