9789 matches found
Command injection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
Command injection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
Command injection
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
OS Command Injection
samba-client is vulnerable to OS command injection. The use of process.exec allows an attacker to inject and execute arbitrary OS commands on the host OS...
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
CVE-2021-25298
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
Nagios XI 安全漏洞
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An OS command injection vulnerability exists in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php in Nagios XI...
CVE-2021-25298
CVE-2021-25298 affects Nagios XI up to version 5.7.5, with an authenticated OS command-injection in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php caused by improper sanitization of user-controlled input via a single HTTP request. The vulnerability can enable remote cod...
CVE-2021-25297
CVE-2021-25297 affects Nagios XI 5.7.5 (and related versions) with an OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. The vulnerability stems from improper sanitization of input provided by an authenticated user via a single HTTP reques...
CVE-2021-25296
CVE-2021-25296 (Nagios XI 5.7.5) is an OS command injection in authenticated context via WindowsWMI wizard (windowswmi.inc.php); CVE-2021-25297 via Switch wizard (switch.inc.php); CVE-2021-25298 via Cloud‑VM wizard (cloud-vm.inc.php). All involve improper sanitization of authenticated user input ...
CVE-2021-25297
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...
CVE-2021-25296
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS...
Exploit for Improper Handling of Exceptional Conditions in Openbsd Opensmtpd
CVE-2020-7247-exploit OpenSMTPD 6.4.0 -...
PT-2021-7665 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version xi-5.7.5 Description: The issue is related to OS command injection due to improper sanitization of authenticated user-controlled input by a single HTTP request. This can lead to OS command injection on the Nagios XI server...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...