20 matches found
EUVD-2020-7874
Malware in sbrugna...
CVE-2020-15901
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...
SQL injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...
Nagios Access Control Error Vulnerability
Nagios is a set of open source and free network monitoring tools from the American company Nagios. An access control error vulnerability exists in Nagios Fusion version 4.1.8 and earlier, which can be exploited by an attacker to extract the password used to manage the Fusion server via the...
CVE-2020-28911
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the testserver command in ajaxhelper.php...
Improper access control
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the testserver command in ajaxhelper.php...
CVE-2020-28911
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the testserver command in ajaxhelper.php...
Nagios XI ajaxhelper.php Command Injection (CVE-2020-15901)
A command injection vulnerability exists in Nagios XI. This vulnerability is due to insufficient validation of the input parameters in the ajaxhelper.php script...
CVE-2020-15901
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...
Command injection
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...
CVE-2020-15901
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys...
CVE-2020-15901
This CVE affects Nagios XI prior to 5.7.3 where the ajaxhelper.php script is vulnerable to command injection via the cmdsubsys parameter. The root cause is insufficient validation/input handling in ajaxhelper.php, enabling remote authenticated attackers to execute arbitrary commands. The NVD note...
Nagios XI Cmdsubsys Command Injection (CVE-2018-15709; CVE-2018-15710)
A command injection vulnerability has been reported in the Command subsystem component of Nagios XI. The vulnerability is due to insufficient validation of command options submitted to ajaxhelper.php for the submitcommand action and the existence of a local privilege escalation vulnerability tha...
Cross site request forgery (CSRF)
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...
CVE-2018-10554
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...
CVE-2018-10554
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the updatepages function; (3) the ajaxhelper.ph...
Cross site scripting
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter...
FreeBSD : PivotX -- 'ajaxhelper.php' XSS Vulnerability (0d3547ab-9b69-11e1-bdb1-525401003090)
High-Tech Bridge reports: Input passed via the 'file' GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting
PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53434/info PivotX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...