Nagios XI多个远程安全漏洞

Bugtraq ID:57672 Nagios是一款免费开放源代码的主机和服务监视软件 Nagios存在多个安全漏洞，包括： -Alert Cloud组件存在反射型跨站脚本漏洞，可获得敏感信息或劫持用户会话。 -Nagios QL存在存储型跨站脚本漏洞，可获得敏感信息或劫持用户会话。 -Autodiscovery没有正确过滤输入，允许攻击者提交恶意作业执行任意代码。 -'admin/commandline.php'脚本不正确过滤用户提交的参数，允许攻击者利用漏洞注入任意SQL。 -Nagios QL存在跨站请求伪造漏洞，允许攻击者利用漏洞执行恶意操作。...

Nagios XI 2012R1.5b XSS / Command Execution / SQL Injection / CSRF

Nagios XI version 2012R1.5b suffers from cross site request forgery, cross site scripting, remote command injection, and remote SQL injection vulnerabilities. Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?width=800";...

Nagios XI 2012R1.5b XSS / Command Execution / SQL Injection / CSRF

Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?width=800"; alert'xss'; var aa="a" : "b" : " The vulnerable code in Alert Cloud's index.php appears to have been copied and pasted into several other components as well...