13 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-18250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
CVE-2023-47622
iTop is an IT service management platform. When dashlet are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1...
PT-2024-13462 · Itop +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.0.4 iTop versions prior to 3.1.1 Description: iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. Recommendations: For versions prior to 3.0.4, update to version 3.0.4 or...
SUSE CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
CVE-2021-40345
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection within the name of the first file in the archive allows an attacker to execute system commands...
Nagios XI 命令注入漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. Nagios XI 5.8.5 suffers from a security vulnerability that originates in the Manage Dashlets section of the...
PT-2021-22866 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 5.8.5 Description: An issue was discovered in the Manage Dashlets section of the Admin panel, where an administrator can upload ZIP files. A command injection, within the name of the first file in the archive, allows an...
CVE-2021-40345
CVE-2021-40345 affects Nagios XI 5.8.5. In the Admin panel’s Manage Dashlets, an administrator-uploaded ZIP can trigger a command injection via the name of the first file in the archive, enabling execution of system commands. Several sources document authenticated command-injection abuse (includi...
Code injection
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
UBUNTU-CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
DEBIAN-CVE-2018-18250
Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...
CVE-2018-18250
CVE-2018-18250 affects Icinga Web 2 prior to version 2.6.2, where crafted navigation item names (notably a single '$') can break navigation dashlets. The issue is documented across multiple sources tied to Icinga Web 2, including openSUSE/SUSE advisories and OSS/OSS-related bulletins, indicating ...