CVE-2024-39915

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

CVE-2024-39915 Authenticated remote code execution in Thruk

Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application...

The vulnerability of the panorama.pm web interface component in monitoring consoles for Naemon, Nagios, Icinga, and Shinken THRUK allows a hacker to load any file they desire.

The vulnerability of the panorama.pm web interface of the monitoring console for Naemon, Nagios, Icinga, and Shinken THRUK relates to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to download any file remotely...

CVE-2023-34096

Thruk has a Path Traversal vulnerability (CVE-2023-34096) in panorama.pm affecting versions

ITRS Group OP5 Monitor 跨站脚本漏洞

ITRS Group OP5 Monitor is a network monitoring and management software product for servers from the UK-based ITRS Group, based on the open source project Naemon. A security vulnerability exists in ITRS Group OP5 Monitor versions 8.3.1, 8.3.2, and OP5 8.3.3, which stems from vulnerability to...