18 matches found
EUVD-2014-1940
Malware in sbrugna...
NETGEAR WNR854T cmd.cgi file command execution vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the cmd.cgi file failing to properly filter special characters, commands, and so on when constructing commands. An attacker can exploit this vulnerability ...
CVE-2024-54806
Netgear WNR854T 1.5.2 (North America) is vulnerable to arbitrary command execution in cmd.cgi, which allows for the execution of system commands via the web interface...
CVE-2024-54806
Netgear WNR854T (firmware 1.5.2, North America) is affected by CVE-2024-54806 due to arbitrary command execution in cmd.cgi. The root cause, as described in CNVD/RH/NVD entries, is that cmd.cgi does not adequately filter constructed commands and characters, enabling an attacker to execute syst...
NETGEAR WNR854T security vulnerability
The NETGEAR WNR854T is a wireless router from NETGEAR. A command execution vulnerability exists in the NETGEAR WNR854T version 1.5.2, which stems from the cmd.cgi file failing to properly filter special characters, commands, and so on when constructing commands. An attacker can exploit this vulnerability ...
SUSE CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...
SUSE CVE-2013-7107
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106...
CVE-2019-13379
AVTECH Room Alert 3E devices with firmware versions prior to 2.2.5 are vulnerable to privilege escalation. An attacker who can access the device’s web interface can escalate from an unauthenticated user to administrator by sending cmd.cgi?action=ResetDefaults&src=RA reset and then using default c...
USN-3253-2 nagios3 regression
USN-3253-1 fixed vulnerabilities in Nagios. The update prevented log files from being displayed in the web interface. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Nagios incorrectly handled certain long strings. A remote...
[SECURITY] [DLA 60-1] icinga security update
Package: icinga. Version: 1.0.2-2+squeeze2. CVE ID: CVE-2013-7108, CVE-2014-1878. Two fixes for the Classic UI: fix off-by-one memory access in process_cgivars() (CVE-2013-7108); prevent possible buffer overflows in cmd.cgi (CVE-2014-1878)...
DLA-60-1 icinga - security update
Bulletin has no description...
Nagios cmd.cgi Denial Of Service Vulnerability
Nagios is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:nagios:nagios";...
CVE-2014-1878
Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi...
UBUNTU-CVE-2014-1878
Stack-based buffer overflow in the cmdsubmitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106...
CVE-2013-7107
CVE-2013-7107 describes a CSRF vulnerability in Icinga’s cmd.cgi that can allow remote attackers to hijack a user’s authenticated session for unspecified commands. Affected versions include Icinga 1.8.5, 1.9.4, 1.10.2 and earlier. The issue is demonstrated by bypassing authentication for CVE-2013...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests...
CVE-2008-5028
CVE-2008-5028 is a CSRF in Nagios' cmd.cgi affecting Nagios 3.0.5 and op5 Monitor before 4.0.1. The vulnerability allows remote attackers to trigger commands in the Nagios process via unspecified HTTP requests, potentially enabling execution of arbitrary commands. Related advisories (Gentoo GLSA-...