CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVE-2020-25205

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the setbanner function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain...

Exploit for SQL Injection in Nagios Nagios_Xi

CVE-2023-40933 The sqlmap payload to exploit CVE-2023-40933...

The vulnerability of the utils-banner_message component in NagiosXI software, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries.

The vulnerability of the utils-bannermessage component in NagiosXI is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

The vulnerability of the update_banner_message() function in the Nagios XI monitoring tool allows a hacker to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the updatebannermessage function in the Nagios XI monitoring tool is related to the lack of measures taken to protect the SQL query structure when processing the ID parameter. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access t...

The vulnerability in the Nagios XI monitoring tool’s script for nagiosxi/admin/banner_message-ajaxhelper.php allows a attacker to disclose protected information.

The vulnerability in the nagiosxi/admin/bannermessage-ajaxhelper.php script of Nagios XI relates to the failure to protect the SQL query structure during the processing of the ID parameter. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...

CVE-2023-40931

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...

Nagios XI SQL Injection Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions 5.11.0 through 5.11.1, which originates from a...

Nagios XI SQL Injection Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.11.1 and earlier, which originated from a...

CVE-2020-25205

The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the setbanner function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain...

Cross site scripting

Cross-site scripting XSS vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message...

CVE-2012-4938

Cross-site scripting XSS vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message...

CentOS 3 : openssh (CESA-2005:550)

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This includes the core file...

RHEL 3 : openssh (RHSA-2005:550)

Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This includes the core file...