CVE-2020-36868

Nagios XI prior to 5.7.3 has a privilege escalation in the getprofile.sh helper script. The script uses insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some deployments can run with elevated privileges. A local attacker with low-level access could ...

EUVD-2021-23916

Malware in sbrugna...

CVE-2021-37347

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument...

CVE-2021-37347

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument...

CVE-2021-37347

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument...

CVE-2020-28910

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh...

CVE-2020-28910

Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh...

Nagios XI getprofile.sh Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious checkping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0...