101 matches found
UBUNTU-CVE-2014-5339
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...
CVE-2014-5340
CVE-2014-5340 affects Check_MK via the wato component. The underlying issue is the unsafe use of Python’s pickle API in wato, allowing a remote attacker to execute arbitrary code by sending a crafted serialized object, tied to the automation URL. Affected versions noted in sources include Check_M...
CVE-2014-5340
The wato component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL...
CVE-2014-5339
CVE-2014-5339 affects Check_MK 1.2.4p4 and 1.2.5i4 and prior, where an authenticated remote attacker could abuse row selections to write Check_MK configuration files (.mk) to arbitrary filesystem locations due to an insecure handling path. Affected products/versions in public advisories align wit...
CVE-2014-5339
CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write checkmk config files .mk files to arbitrary locations via vectors related to row selections...
Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities
Deutsche Telekom CERT Advisory DTC-A-20140820-001 Summary: Several vulnerabilities were found in checkmk prior versions 1.2.4p4 and 1.2.5i4. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS 2 - write access to config files .mk files 3 - arbitrary code execution Recommendations:...
CVE-2014-5338
Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...
CVE-2014-5338
Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...
CVE-2014-5338
Multiple cross-site scripting XSS vulnerabilities in the multisite component in CheckMK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 renderstatusicons function in htmllib.py or 2 ajaxaction functio...
CVE-2014-5338
CVE-2014-5338 affects Check_MK 1.2.4 (<1.2.4p4) and 1.2.5 (
LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 === CheckMK - Arbitrary File Disclosure Vulnerability - -------------------------------------------------- Affected Versions ================= Linux versions of CheckMK equal or...
check_mk symbolic links vulnerability
Symbolic links are not checked during files operation...
Check_MK Arbitrary File Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 === CheckMK - Arbitrary File Disclosure Vulnerability - -------------------------------------------------- Affected Versions ================= Linux versions of CheckMK equal or...
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...
Check_MK任意文件上传漏洞(CVE-2014-2331)
BUGTRAQ ID:66394 CVE ID:CVE-2014-2331 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件上传漏洞,成功利用后可使远程攻击者向受影响系统上传任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序: http://mathias-kettner.de...
Check_MK跨站请求伪造漏洞(CVE-2014-2330)
BUGTRAQ ID:66389 CVE ID:CVE-2014-2330 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在跨站请求伪造漏洞,成功利用后可使远程攻击者在受影响浏览器上下文中执行未授权操作。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序: http://mathias-kettner.de...
Check_MK 多个HTML注入和跨站脚本漏洞(CVE-2014-2329)
BUGTRAQ ID:66391 CVE ID:CVE-2014-2329 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在多个HTML注入漏洞和跨站脚本漏洞,成功利用后可使远程攻击者在受影响浏览器上下文中运行上传的HTML和脚本代码。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://mathias-kettner.de...
Check_MK 任意文件删除漏洞(CVE-2014-2332)
BUGTRAQ ID:66396 CVE ID:CVE-2014-2332 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件删除漏洞,成功利用后可使远程攻击者删除受影响应用上下文内的任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://mathias-kettner.de...
[SECURITY] Fedora 19 Update: nagstamon-0.9.9-9.fc19
Nagstamon is a Nagios status monitor which takes place in system tray or on desktop GNOME, KDE, Windows as floating status bar to inform you in real-time about the status of your Nagios and derivatives monitored network. It allows to connect to multiple Nagios, Icinga, Opsview, Op5,...