217 matches found

Nuclei
added 2026/06/16 7:13 a.m. | 49 views

Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

CVSS 10 | AI score 9 | EPSS 0.87987
Exploits 8 | References 5
EUVD
added 2026/04/05 9:30 p.m. | 3 views

EUVD-2019-20077

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to...

CVSS 8.8 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 3
NVD
added 2026/04/05 9:16 p.m. | 4 views

CVE-2019-25671

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to...

CVSS 8.8 | EPSS 0.00657
Exploits 0 | References 2
CVE
added 2026/04/05 8:45 p.m. | 6 views

CVE-2019-25671

CVE-2019-25671 affects VA MAX 8.3.4. A remote code execution vulnerability exists in the changeip.php endpoint, where an authenticated attacker can inject shell metacharacters in the mtu_eth0 parameter and trigger arbitrary commands as the apache user via a POST request. The issue is exploitable ...

CVSS 8.8 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 2
ATTACKERKB
added 2026/04/05 8:45 p.m. | 1 views

CVE-2019-25671

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to...

CVSS 8.8 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/04/05 8:45 p.m. | 20 views

CVE-2019-25671 VA MAX 8.3.4 Remote Code Execution via changeip.php

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to...

CVSS 8.8 | EPSS 0.00657
Exploits 0 | References 2
Positive Technologies
added 2026/04/05 12:0 a.m. | 4 views

PT-2026-30480

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field t...

CVSS 8.8 | AI score 6.7 | EPSS 0.00657
Exploits 0 | References 3
RedhatCVE
added 2026/01/09 10:0 a.m. | 3 views

CVE-2020-7954

An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs e.g. nmap without the need for a...

CVSS 7.8 | AI score 7.5 | EPSS 0.00384
Exploits 0 | References 1
RedhatCVE
added 2025/10/31 10:7 p.m. | 2 views

CVE-2021-47700

Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly permissive ownership/permissions under the Apache user. Local or co-hosted processes could read/overwrite export artifacts or manipulate paths, risking disclosure or tampering and potential code...

CVSS 8.5 | AI score 7.3 | EPSS 0.00293
Exploits 0 | References 1
RedhatCVE
added 2025/10/31 10:7 p.m. | 5 views

CVE-2024-58273

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 8.5 | AI score 7.4 | EPSS 0.00234
Exploits 0 | References 1
EUVD
added 2025/10/31 12:30 a.m. | 2 views

EUVD-2024-55060

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 8.5 | AI score 6.9 | EPSS 0.00234
Exploits 0 | References 4
OSV
added 2025/10/30 10:15 p.m. | 1 views

CVE-2024-58273

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 7.8 | AI score 5.9
Exploits 0 | References 3
NVD
added 2025/10/30 10:15 p.m. | 3 views

CVE-2024-58273

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 8.5 | EPSS 0.00234
Exploits 0 | References 3
Cvelist
added 2025/10/30 9:24 p.m. | 6 views

CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 8.5 | EPSS 0.00234
Exploits 0 | References 3
Vulnrichment
added 2025/10/30 9:24 p.m. | 4 views

CVE-2024-58273 Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend Shell User to Root

Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user or the backend shell user to escalate to root on the host...

CVSS 8.5 | AI score 7 | EPSS 0.00234
Exploits 0 | References 3
CVE
added 2025/10/30 9:24 p.m. | 12 views

CVE-2024-58273

CVE-2024-58273 affects Nagios Log Server prior to 2024R1.0.2. The vulnerability enables local privilege escalation when an attacker can run commands as the Apache web user (or backend shell user), escalating to root on the host. Red Hat and related sources corroborate the LPE exposure in affected...

CVSS 8.5 | AI score 7 | EPSS 0.00234
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 4 views

PT-2025-44509

Name of the Vulnerable Software and Affected Versions: Nagios Log Server versions prior to 2024R1.0.2. Description: The software contains a local privilege escalation issue. An attacker with the ability to execute commands as the Apache web user or the backend shell user can gain root access on the...

CVSS 8.5 | AI score 7.2 | EPSS 0.00234
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-5121

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.01257
Exploits 0 | References 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-28876

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00384
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-1460

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00403
Exploits 1 | References 6