6 matches found
CVE-2025-34287
Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...
CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl
Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...
CVE-2025-34287
Nagios XI prior to 2024R2 is affected by a local privilege escalation due to an improperly owned script, process_perfdata.pl, which runs as the nagios user but is owned by www-data and writable by www-data. An attacker with web-server privileges could modify the script and trigger arbitrary code ...
CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl
Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...
PT-2025-44524
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 contain an improperly owned script, process perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable b...
openSUSE Security Update : monitoring-plugins-smart (openSUSE-2021-706)
This update for monitoring-plugins-smart fixes the following issues : monitoring-plugins-smart was updated to 6.9.1 : This is a security-release boo1183057 + Fixes the regular expression for pseudo-devices under the /dev/bus/N path. from 6.9.0 + Allows using PCI device paths as device names 64 +...