26 matches found
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
UBUNTU-CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
CVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...
EUVD-2003-1074
Malware in sbrugna...
EUVD-2014-6289
Malware in sbrugna...
EUVD-2016-7947
Malware in sbrugna...
CVE-2022-26563
An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization...
SUSE CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service...
SUSE CVE-2019-11454
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
DEBIAN-CVE-2019-11455
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage)...
M/Monit Elevation of Privilege Vulnerability
M/Monit monitors and manages distributed computer systems, performs automated maintenance and remediation, and performs meaningful causal behavior in the event of an error. An elevation of privilege vulnerability exists in /admin/users/update in versions of M/Monit prior to 3.7.3. An unprivileged...
UBUNTU-CVE-2016-7067
Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service...
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the monit package up to and including version 4.1 in the Gentoo Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
CVE-2004-1899
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes...
CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
DEBIAN-CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
CVE-2004-1897
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read...
Monit <= 4.2 Basic Authentication Remote Root Exploit
No description provided by source. / THE EYE ON SECURITY RESEARCH GROUP - INDIA http://www.eos-india.net/poc/305monit.c Remote Root Exploit for Monit <= 4.2. Vulnerability: Buffer overflow in handling of Basic Authentication information. Server authenticates clients through: Authentication: Basic...