Lucene search
K

6 matches found

OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34287

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

7.8CVSS6.2AI score0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:39 p.m.5 views

CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

8.4CVSS7.2AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:39 p.m.24 views

CVE-2025-34287

Nagios XI prior to 2024R2 is affected by a local privilege escalation due to an improperly owned script, process_perfdata.pl, which runs as the nagios user but is owned by www-data and writable by www-data. An attacker with web-server privileges could modify the script and trigger arbitrary code ...

8.4CVSS7.2AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:39 p.m.9 views

CVE-2025-34287 Nagios XI < 2024R2 Privilege Escalation via process_perfdata.pl

Nagios XI versions prior to 2024R2 contain an improperly owned script, processperfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable by www-data, an attacker with web server privileges could modify its contents, leading to arbitrary cod...

8.4CVSS0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.7 views

PT-2025-44524

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R2 Description Nagios XI versions prior to 2024R2 contain an improperly owned script, process perfdata.pl, which is executed periodically as the nagios user but owned by www-data. Because the file was writable b...

8.4CVSS7.2AI score0.00264EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.17 views

openSUSE Security Update : monitoring-plugins-smart (openSUSE-2021-706)

This update for monitoring-plugins-smart fixes the following issues : monitoring-plugins-smart was updated to 6.9.1 : This is a security-release boo1183057 + Fixes the regular expression for pseudo-devices under the /dev/bus/N path. from 6.9.0 + Allows using PCI device paths as device names 64 +...

5.6AI score
Exploits0References1
Rows per page
Query Builder