Nagios XI 5.6.12 - (export-rrd.php) Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution Exploit Author: Basim Alabdullah Vendor homepage: https://www.nagios.com Version: 5.6.12 Software link: https://www.nagios.com/downloads/nagios-xi/ Tested on: CentOS REDH...

Elastic Kibana 5.0 <= 5.6.12 / 6.0 <= 6.4.2 Arbitrary File Inclusion Vulnerability - Windows

Kibana is prone to an arbitrary file inclusion flaw. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2018-3831

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This...

Elastic Kibana 'CVE-2018-3830' Cross-Site Scripting (XSS) Vulnerability - Windows

Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Information disclosure

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch cluster/settings API, when queried, could leak sensitive configuration information such as passwords, tokens, or usernames. This...

Oracle MySQL Multiple Unspecified vulnerabilities-34 (Jun 2016) - Linux

Oracle MySQL is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql";...

CVE-2016-3185

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service type confusion and application crash via crafted...

Updated php packages fix security vulnerabilities

The php package has been updated to version 5.6.12, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...

PT-2013-4675 · Mysql Server +4 · Mysql Server +4

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.1.70 and earlier MySQL Server versions 5.5.32 and earlier MySQL Server versions 5.6.12 and earlier Description: The issue allows remote authenticated users to affect availability via unknown vectors related to Optimize...