Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows: CVE-2023-38547 (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user...
EyesOfNetwork Local File Inclusion Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution from the EyesOfNetwork community. The solution provides business process configuration tools, generates pop-up windows when events occur in the active queue, and other features. EyesOfNetwork EON 5.3.11 and earlier versions have a...
EyesOfNetwork SQL Injection Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution from the EyesOfNetwork community. The solution provides features such as a business process configuration tool, generating pop-up windows when events occur in the active queue, and more. EyesOfNetwork EON 5.3.11 and prior versions...
EyesOfNetwork Cross-Site Scripting Vulnerability (CNVD-2022-34647)
EyesOfNetwork is an open source, free IT monitoring solution from the EyesOfNetwork community. The solution provides features such as business process configuration tools, generating pop-ups when events occur in the active queue, etc. EyesOfNetwork suffers from a cross-site scripting vulnerabilit...
Details Disclosed On Critical Flaws Affecting Nagios IT Monitoring Software
Cybersecurity researchers disclosed details about 13 vulnerabilities in the Nagios network monitoring application that could be abused by an adversary to hijack the infrastructure without any operator intervention. "In a telco setting, where a telco is monitoring thousands of sites, if a customer...
Unspecified vulnerability in Performance Manager
Broadcom CA Performance Management is an IT monitoring solution from Broadcom. It is designed to monitor and manage IT systems and network infrastructures. A security vulnerability exists in Performance Manager through 6.3.2.12, which can be exploited by an attacker to cause an escalation of...
Centreon SQL Injection Vulnerability (CNVD-2021-11075)
Centreon is a free and open source IT and application monitoring software. A SQL injection vulnerability exists in Centreon 19.10-3.el7. An attacker can exploit this vulnerability to inject SQL queries, which can be used for remote command execution...
France Ties Russia's Sandworm to a Multiyear Hacking Spree
A French security agency warns that the destructively minded group has exploited an IT monitoring tool from Centreon...
In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble th...
Centreon 19.10.5 - Database Credentials Disclosure
Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Database...
Multiple Remote Code-Execution Flaws Patched in Opsview Monitor
A slew of vulnerabilities have been disclosed in Opsview Monitor, a proprietary IT monitoring software for networks and applications, which could enable remote code execution, command execution and local privilege escalation. A total of five flaws CVE-2018-16148, CVE-2018-16147, CVE-2018-16146,...
Ansible Tower Unsupported Version
The version of Ansible Tower running on the remote server has reached the end of support, and will no longer receive security updates from the vendor. It could therefore be affected by multiple vulnerabilities.
Check_MK < 1.4.0p6 webapi.py XSS
The version of CheckMK running on the remote web server is prior to 1.4.0p6. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in webapi.py due to error messages being interpreted as HTML when they should be plain text. An unauthenticated, remote attacker can exploi...
up.time 7.5.0 Arbitrary File Disclose / Delete
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: Input passed to the 'filename' parameter in 'get2post.php'...
up.time 7.5.0 Cross Site Request Forgery / Cross Site Scripting
up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application allows users to perform certain actions via HTTP...
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit
Exploit for php platform in category web applications up.time 7.5.0 Arbitrary File Disclose And Delete Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: Input...
up.time 7.5.0 XSS And CSRF Add Admin Exploit
Exploit for php platform in category web applications up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application...
up.time 7.5.0 - Upload and Execute
up.time 7.5.0 - Upload and Execute up.time 7.5.0 Upload And Execute File Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: up.time suffers from arbitrary...
up.time 7.5.0 Arbitrary File Disclose And Delete Exploit
Summary: The next-generation of IT monitoring software. Description: Input passed to the 'filename' parameter in 'get2post.php' script is not properly sanitised before being used to get the contents of a resource and delete files. This can be exploited to read and delete arbitrary data from local...
up.time 7.5.0 XSS And CSRF Add Admin Exploit
Summary: The next-generation of IT monitoring software. Description: The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-i...