18 matches found

Nuclei
added 16 hours ago | 23 views

Thruk 2.40-2 - Cross-Site Scripting

Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/cgi-bin/status.cgi?style=combined&title=TITLE in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user. id: CVE-2021-3548...

CVSS 6.1 | AI score 6.4 | EPSS 0.12795
Exploits 1 | References 5
SUSE CVE
added 2023/02/15 5:38 a.m. | 1 views

SUSE CVE-2013-2214

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style i...

CVSS 4 | AI score 8.9 | EPSS 0.02677
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 5:12 a.m. | 2 views

SUSE CVE-2015-8010

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...

CVSS 3.5 | AI score 6 | EPSS 0.00354
Exploits 0 | References 6
OSV
added 2021/11/09 11:15 p.m. | 3 views

CVE-2021-35488

Thruk 2.40-2 allows /thruk/cgi-bin/status.cgi?style=combined&title=TITLE Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 2
CNNVD
added 2021/11/09 12:0 a.m. | 2 views

Thruk Cross-Site Scripting Vulnerability

Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. Thruk 2.40-2 suffers from a security vulnerability that allows an attacker to inject arbitrary JavaScript into status.cgi, which triggers a payload every time an authenticated us...

CVSS 6.1 | AI score 6.4 | EPSS 0.12795
Exploits 1 | References 3
CNVD
added 2018/08/27 12:0 a.m. | 1 views

Netwave IP camera information disclosure vulnerability (CNVD-2018-16961)

Netwave IP camera is a network camera produced by Netwave Systems B.V. in the Netherlands. An information disclosure vulnerability exists in the getstatus.cgi file in the Netwave IP camera. An attacker can exploit this vulnerability to disclose sensitive information on the device...

CVSS 7.5 | AI score 7.1 | EPSS 0.00753
Exploits 1 | References 1
UbuntuCve
added 2017/03/27 5:59 p.m. | 24 views

CVE-2015-8010

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi...

CVSS 6.1 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 3
Debian CVE
added 2017/03/27 5:0 p.m. | 26 views

CVE-2015-8010

Removed by vendor...

CVSS 6.1 | AI score 6.6 | EPSS 0.00354
Exploits 0
NVD
added 2015/02/06 3:59 p.m. | 13 views

CVE-2015-1444

Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) logsyslog.cgi, (4) problems.cgi, (5)...

CVSS 4.3 | AI score 5.8 | EPSS 0.004
Exploits 0 | References 4
seebug.org
added 2014/07/01 12:0 a.m. | 127 views

Ipswitch IMail 5.0.8/6.0/6.1 IMonitor status.cgi DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/914/info IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of...

AI score 7.1
Exploits 0
OpenVAS
added 2014/03/17 12:0 a.m. | 23 views

Nagios 'status.cgi' Information Disclosure Vulnerability (Jul 2013) - Active Check

Nagios is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagios";...

CVSS 4 | AI score 8.8 | EPSS 0.02677
Exploits 0 | References 3
NVD
added 2014/02/10 11:55 p.m. | 13 views

CVE-2013-2214

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style i...

CVSS 4 | AI score 5.7 | EPSS 0.02677
Exploits 0 | References 5
UbuntuCve
added 2014/02/10 11:55 p.m. | 24 views

CVE-2013-2214

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style i...

CVSS 4 | AI score 7.2 | EPSS 0.02677
Exploits 0 | References 4
Cvelist
added 2014/02/10 11:0 p.m. | 24 views

CVE-2013-2214

status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style i...

AI score 5.7 | EPSS 0.02677
Exploits 0 | References 5
CVE
added 2014/02/10 11:0 p.m. | 59 views

CVE-2013-2214

CVE-2013-2214 affects Nagios status.cgi: in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1, access restrictions for service contact users are not properly enforced, enabling remote authenticated users to disclose hostnames via the servicegroup overview, summary, or grid views. Root cause is an ...

CVSS 4 | AI score 5.9 | EPSS 0.02677
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2000/10/13 4:0 a.m. | 12 views

CVE-2000-0056

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi...

AI score 6.6 | EPSS 0.01134
Exploits 0 | References 1
CVE
added 2000/10/13 4:0 a.m. | 46 views

CVE-2000-0056

CVE-2000-0056 affects the IMail server’s IMONITOR status.cgi CGI script. The vulnerability is described as allowing remote attackers to cause a denial of service by issuing many requests to status.cgi, impacting availability. The connected Nessus plugin expands the context to a potential buffer o...

CVSS 5 | AI score 6.6 | EPSS 0.01134
Exploits 0 | References 1 | Affected Software 1
Exploit DB
added 2000/01/05 12:0 a.m. | 32 views

Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor 'status.cgi' Denial of Service

source: https://www.securityfocus.com/bid/914/info IMail includes a service called IMail Monitor which is used for local and remote performance measuring and diagnostics. It includes a small webserver operating on port 8181 to support web-based monitoring. One of the cgi scripts, status.cgi, is...

AI score 7
Exploits 0