28 matches found

RedhatCVE
added 2026/01/09 10:8 a.m., 7 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

CVSS 5.5 | AI score 6.6 | EPSS 0.0027
Exploits 1 | References 1

RedhatCVE
added 2025/10/31 10:7 p.m., 4 views

CVE-2025-34287

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

CVSS 8.4 | AI score 7.5 | EPSS 0.00264
Exploits 0 | References 1

RedhatCVE
added 2025/10/31 10:7 p.m., 4 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.8 | AI score 7.3 | EPSS 0.01893
Exploits 0 | References 1

NVD
added 2025/10/30 10:15 p.m., 5 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.8 | EPSS 0.01893
Exploits 0 | References 3

OSV
added 2025/10/30 10:15 p.m., 4 views

CVE-2025-34274

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.8 | AI score 6 | EPSS 0.01893
Exploits 0 | References 3

Cvelist
added 2025/10/30 9:23 p.m., 6 views

CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges

Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...

CVSS 9.3 | EPSS 0.01893
Exploits 0 | References 3

Positive Technologies
added 2025/10/30 12:0 a.m., 5 views

PT-2025-44517

Name of the Vulnerable Software and Affected Versions Nagios Log Server versions prior to 2024R2.0.3 Description The software runs its embedded Logstash process as the root user, leading to a situation where an attacker compromising the Logstash process could execute code with root privileges,...

CVSS 9.8 | AI score 7.1 | EPSS 0.01893
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-8000

Malware in sbrugna...

CVSS 9.3 | AI score 8.2 | EPSS 0.02308
Exploits 3 | References 6

RedhatCVE
added 2025/09/26 5:49 p.m., 5 views

CVE-2025-34227

Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...

CVSS 8.8 | AI score 8.1 | EPSS 0.25922
Exploits 2 | References 1

ATTACKERKB
added 2025/09/25 5:8 p.m., 4 views

CVE-2025-34227

Nagios XI 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is possible to inject shell characters into arguments provided to the service and execute arbitrary system...

CVSS 8.8 | AI score 6 | EPSS 0.25922
Exploits 2 | References 5

Positive Technologies
added 2025/09/25 12:0 a.m., 4 views

PT-2025-39429

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2026R1 Description Nagios XI is susceptible to an authenticated command injection issue present in the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. Successful exploitatio...

CVSS 8.6 | AI score 7.5 | EPSS 0.25922
Exploits 2 | References 7

CVE
added 2024/08/07 12:0 a.m., 42 views

CVE-2024-43199

Nagios NDOUtils prior to 2.1.4 is affected by CVE-2024-43199 due to executable files owned by the nagios user, enabling local privilege escalation from nagios to root. Affected software: Nagios NDOUtils (versions before 2.1.4). Root cause: ownership of certain executables by the nagios user allow...

CVSS 8.8 | AI score 6.9 | EPSS 0.01097
Exploits 0 | References 4 | Affected Software 1

GithubExploit
added 2024/02/18 8:33 p.m., 49 views

Exploit for Improper Privilege Management in Nagios Nagios_Xi

Vulnerability Report CVE Discovered by: Jarod Jaslow MAWK...

CVSS 9.8 | AI score 7.8 | EPSS 0.03398
Exploits 1

Prion
added 2021/10/26 11:15 a.m., 14 views

Code injection

An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagiosunbundler.py file allow the nagios user to elevate their privileges to the root user...

CVSS 7.2 | AI score 7.6 | EPSS 0.00657
Exploits 1 | References 3 | Affected Software 1

OSV
added 2020/01/21 12:15 a.m., 12 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

CVSS 5.5 | AI score 6.6
Exploits 0 | References 2

Prion
added 2019/09/05 5:15 p.m., 22 views

Command injection

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

CVSS 9 | AI score 8.8 | EPSS 0.77741
Exploits 13 | References 3 | Affected Software 1

ATTACKERKB
added 2019/09/05 12:0 a.m., 64 views

CVE-2019-15949

Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...

CVSS 9 | AI score 8.8 | EPSS 0.77741
In wild | Exploits 13 | References 4

NVD
added 2018/09/05 9:29 p.m., 18 views

CVE-2018-16145

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

CVSS 9.3 | AI score 8.1 | EPSS 0.02308
Exploits 3 | References 4

OSV
added 2018/09/05 9:29 p.m., 6 views

CVE-2018-16145

The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...

CVSS 8.1 | AI score 5.8 | EPSS 0.02308
Exploits 3 | References 4

OSV
added 2018/09/05 9:29 p.m., 4 views

CVE-2018-16146

The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...

CVSS 7.2 | AI score 5.9 | EPSS 0.06197
Exploits 3 | References 3