57 matches found
CVE-2016-10367
In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
EUVD-2018-8003
Malware in sbrugna...
EUVD-2018-8000
Malware in sbrugna...
EUVD-2016-1550
Malware in sbrugna...
EUVD-2018-8002
Malware in sbrugna...
VulnCheck KEV: CVE-2016-10367
In Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding...
CVE-2016-10368
Open redirect vulnerability in Opsview Monitor Pro Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the...
CVE-2023-28354
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...
CVE-2023-28354
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...
PT-2025-1386 · Opsview · Opsview Monitor Agent
Name of the Vulnerable Software and Affected Versions: Opsview Monitor Agent version 6.8 Description: A problem was discovered in Opsview Monitor Agent where an unauthenticated remote attacker can call check nrpe against affected targets, specifying known NRPE plugins. In default installations,...
CVE-2023-28354
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call checknrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...
Opsview Monitor Agent 安全漏洞
Opsview Monitor Agent is a monitoring platform agent program from Opsview. A security vulnerability exists in Opsview Monitor Agent version 0.3.9.700 2022-09-28 and earlier, which stems from the ability of an unauthenticated remote attacker to invoke the checknrpe specified plug-in, which allows...
CVE-2023-28354
An issue in Opsview Monitor Agent 6.8 allows an unauthenticated remote attacker to call NRPE via check_nrpe and escape NRPE plugin execution by sending command control characters, enabling remote execution of commands on the target as NT_AUTHORITY\SYSTEM. This is documented in multiple sources (N...
Opsview Monitor 5.x Command Execution Vulnerability
Exploit for multiple platform in category web applications Opsview Monitor Multiple Vulnerabilities 1. Advisory Information Title: Opsview Monitor Multiple Vulnerabilities Advisory ID: CORE-2018-0008 Advisory URL: http://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities Dat...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16148
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16145
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of...
CVE-2018-16147
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting...
CVE-2018-16144
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
CVE-2018-16146
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection wi...