15 matches found
CVE-2013-3502
GroundWork Monitor Enterprise 6.7.0 is affected by CVE-2013-3502 via monarch_scan.cgi. The root cause is untrusted user input used in a Perl function (qx), enabling remote authenticated attackers to inject commands and achieve arbitrary code execution and potential data exposure. A Metasploit mod...
CVE-2013-3499
GroundWork Monitor Enterprise 6.7.0 is affected by an authentication bypass vulnerability where access decisions are made using the HTTP Referer header. A remote attacker can craft headers to obtain administrative privileges or access restricted files. The issue stems from referer-based authentic...
CVE-2013-3512
CVE-2013-3512 affects the Cacti component in GroundWork Monitor Enterprise 6.7.0. The root cause is improper authorization checks, enabling remote authenticated users to read or modify configuration settings via unspecified vectors (demonstrated by reading credentials). Impact is partial confiden...
CVE-2013-3508
The CVE-2013-3508 entry affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The vulnerability exists in html/System-Files.php within the System File Overview feature, allowing remote authenticated users to execute arbitrary commands via vectors involving file editing. Base score is 6.5 ...
CVE-2013-3500
The CVE-2013-3500 entry affects GroundWork Monitor Enterprise 6.7.0: the Foundation webapp Admin interface leaves writable files under /usr/local/groundwork owned by the nagios user, enabling context-dependent attackers to bypass filesystem restrictions by leveraging access to a GroundWork script...
CVE-2013-3507
The CVE-2013-3507 issue affects GroundWork Monitor Enterprise 6.7.0 via the NeDi component. The vulnerability allows remote authenticated users to disclose sensitive information by directly requesting one of three resources: (1) a configuration file, (2) a database dump, or (3) the Tomcat status ...
CVE-2013-3501
GroundWork Monitor Enterprise 6.7.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML through vectors related to the foundation-webapp/admin/ directory, the NeDi component, and the Noma component. The CVE e...
CVE-2013-3510
CVE-2013-3510 affects GroundWork Monitor Enterprise 6.7.0. The connected documents describe multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. The CVS...
CVE-2013-3513
CVE-2013-3513 concerns CSRF in the Noma component of GroundWork Monitor Enterprise 6.7.0. The vulnerabilities enable remote attackers to hijack user authentication via requests that (1) store XSS sequences and (2) delete entries, as described in multiple sources. The affected product is GroundWor...
CVE-2013-3503
CVE-2013-3503 affects GroundWork Monitor Enterprise 6.7.0: the Profile Importer feature in the monarch.cgi of the MONARCH component is vulnerable to XML External Entity (XXE) abuse. An authenticated remote user can cause the application to read arbitrary files by submitting an XML document that c...
CVE-2013-3506
GroundWork Monitor Enterprise 6.7.0 (Performance component: perfchart.cgi) is vulnerable to remote command execution via Server Side Includes (SSI). The flaw stems from not properly restricting XML content, allowing an attacker to craft a .shtml file and leverage SSI to run arbitrary commands. No...
CVE-2013-3504
The CVE-2013-3504 entry concerns GroundWork Monitor Enterprise 6.7.0, specifically the MONARCH component’s monarch.cgi, where a directory traversal vulnerability allows remote authenticated users (via the nagios account) to overwrite arbitrary files. The provided connected documents confirm the a...
CVE-2013-3509
CVE-2013-3509 affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The issue is in html/System-NeDi.php: remote authenticated users can execute arbitrary commands via shell metacharacters in the scan functionality under System/NeDi. Impact details are not expanded beyond the description ...
CVE-2013-3511
The connected documents confirm an open redirect vulnerability in the NeDi component of GroundWork Monitor Enterprise 6.7.0. Impact described as attackers redirecting users to arbitrary sites, enabling phishing via unspecified vectors. No concrete remediation steps or affected version details bey...
CVE-2013-3505
The CVE-2013-3505 issue affects the Nagios-App component in GroundWork Monitor Enterprise 6.7.0. Affected behavior: remote authenticated users can bypass intended access restrictions by directly requesting either a log file or a configuration file. Root cause stated in sources: improper access co...