48 matches found
OpenHarness Security Vulnerability
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU. Versions prior to OpenHarness PR 156 contained security vulnerabilities. These vulnerabilities stemmed from the default exposure of plugin lifecycle commands, which could allow attackers to remotely mana...
CVE-2025-9161
A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...
Linux Distros Unpatched Vulnerability : CVE-2018-18245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE...
WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload / Code Execution
WordPress Alone Theme versions 7.8.3 and below are vulnerable to an unauthenticated arbitrary file upload vulnerability. This flaw allows unauthenticated attackers to upload and install arbitrary plugin ZIP files from remote URLs via an unprotected AJAX endpoint — resulting in remote code executi...
Security Misconfiguration Detected (Medium)
Security misconfigurations present a risk of increased attack surface by allowing malicious entities to communicate with the target assets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
The vulnerability of the software for managing systems in the One-to-one Dell EMC OpenManage Server Administrator (OMSA) environment lies in insufficient validation of input data. This allows a malicious actor to trigger a service failure.
The vulnerability of the software for managing systems in the One-to-one Dell EMC OpenManage Server Administrator OMSA mode is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by loading malicious plugins or...
SUSE SLES12 Security Update : nrpe (SUSE-SU-2024:1417-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1417-1 advisory. - Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute...
The vulnerability of the Gstreamer module in the office software package LibreOffice allows a hacker to execute arbitrary Gstreamer plugins.
The vulnerability of the Gstreamer module in the LibreOffice office software package exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary Gstreamer plugins...
CVE-2023-4243
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing...
WordPress BuddyForms Remote Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Remote; Type: Plugin; Vulnerable versions: <= 1.0.4; Fixed in: 1.0.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 11788d764e29; Credits: Rafie Muhammad (Patchstack); Required...
SUSE CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...
Nagios NRPE Insufficient Filtering Vulnerability
Nagios NRPE is an extension of Nagios to execute plug-in programs on remote Linux/Unix hosts. An insufficient filtering vulnerability exists in Nagios NRPE 3.2.1. The vulnerability stems from nastymetachars interpreting \n as the character \ and the character n instead of the \n newline sequence. An...
Nagios NRPE Heap Buffer Overflow Vulnerability
Nagios NRPE is an extension of Nagios to execute plug-in programs on remote Linux/Unix hosts. A heap buffer overflow vulnerability exists in Nagios NRPE 3.2.1. An attacker could exploit this vulnerability to cause a denial of service...
ALPINE-CVE-2020-6581
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection...
DEBIAN-CVE-2020-6582
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call...
SuperMicro SuperDoctor Arbitrary Code Execution Vulnerability
SuperMicro SuperDoctor is a set of server management monitoring platform from SuperMicro, Inc. in the United States. The platform is mainly used for real-time monitoring of the target node hardware in the data center system operation status or availability. A security vulnerability exists in Supe...
The vulnerability of the Nagios Remote Plugin Executor, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Nagios Remote Plugin Executor NRPE lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
Amazon Linux AMI : nrpe (ALAS-2014-364)
DISPUTED: Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported...
Nagios Remote Plugin Executor Arbitrary Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'zlib' class...
Important: nrpe
Issue Overview: DISPUTED: Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It ha...