Lucene search
+L
GwosGroundwork Monitor

15 matches found

CVE
CVE
•added 2013/05/08 10:0 a.m.•61 views

CVE-2013-3502

GroundWork Monitor Enterprise 6.7.0 is affected by CVE-2013-3502 via monarch_scan.cgi. The root cause is untrusted user input used in a Perl function (qx), enabling remote authenticated attackers to inject commands and achieve arbitrary code execution and potential data exposure. A Metasploit mod...

6.5CVSS7.1AI score0.53706EPSS
Web
CVE
CVE
•added 2013/05/08 10:0 a.m.•57 views

CVE-2013-3499

GroundWork Monitor Enterprise 6.7.0 is affected by an authentication bypass vulnerability where access decisions are made using the HTTP Referer header. A remote attacker can craft headers to obtain administrative privileges or access restricted files. The issue stems from referer-based authentic...

7.5CVSS7AI score0.03211EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•57 views

CVE-2013-3512

CVE-2013-3512 affects the Cacti component in GroundWork Monitor Enterprise 6.7.0. The root cause is improper authorization checks, enabling remote authenticated users to read or modify configuration settings via unspecified vectors (demonstrated by reading credentials). Impact is partial confiden...

6.5CVSS6.4AI score0.01521EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•53 views

CVE-2013-3508

The CVE-2013-3508 entry affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The vulnerability exists in html/System-Files.php within the System File Overview feature, allowing remote authenticated users to execute arbitrary commands via vectors involving file editing. Base score is 6.5 ...

6.5CVSS7.3AI score0.01969EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•51 views

CVE-2013-3500

The CVE-2013-3500 entry affects GroundWork Monitor Enterprise 6.7.0: the Foundation webapp Admin interface leaves writable files under /usr/local/groundwork owned by the nagios user, enabling context-dependent attackers to bypass filesystem restrictions by leveraging access to a GroundWork script...

7.5CVSS6.7AI score0.02377EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•50 views

CVE-2013-3507

The CVE-2013-3507 issue affects GroundWork Monitor Enterprise 6.7.0 via the NeDi component. The vulnerability allows remote authenticated users to disclose sensitive information by directly requesting one of three resources: (1) a configuration file, (2) a database dump, or (3) the Tomcat status ...

4CVSS5.9AI score0.01337EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•47 views

CVE-2013-3501

GroundWork Monitor Enterprise 6.7.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML through vectors related to the foundation-webapp/admin/ directory, the NeDi component, and the Noma component. The CVE e...

4.3CVSS5.8AI score0.01333EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•47 views

CVE-2013-3510

CVE-2013-3510 affects GroundWork Monitor Enterprise 6.7.0. The connected documents describe multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component. The CVS...

6.5CVSS8.3AI score0.01271EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•47 views

CVE-2013-3513

CVE-2013-3513 concerns CSRF in the Noma component of GroundWork Monitor Enterprise 6.7.0. The vulnerabilities enable remote attackers to hijack user authentication via requests that (1) store XSS sequences and (2) delete entries, as described in multiple sources. The affected product is GroundWor...

6.8CVSS6.8AI score0.00719EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•46 views

CVE-2013-3503

CVE-2013-3503 affects GroundWork Monitor Enterprise 6.7.0: the Profile Importer feature in the monarch.cgi of the MONARCH component is vulnerable to XML External Entity (XXE) abuse. An authenticated remote user can cause the application to read arbitrary files by submitting an XML document that c...

3.5CVSS6.5AI score0.01177EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•46 views

CVE-2013-3506

GroundWork Monitor Enterprise 6.7.0 (Performance component: perfchart.cgi) is vulnerable to remote command execution via Server Side Includes (SSI). The flaw stems from not properly restricting XML content, allowing an attacker to craft a .shtml file and leverage SSI to run arbitrary commands. No...

7.5CVSS7.8AI score0.02505EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•45 views

CVE-2013-3504

The CVE-2013-3504 entry concerns GroundWork Monitor Enterprise 6.7.0, specifically the MONARCH component’s monarch.cgi, where a directory traversal vulnerability allows remote authenticated users (via the nagios account) to overwrite arbitrary files. The provided connected documents confirm the a...

5.5CVSS6.5AI score0.01851EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•45 views

CVE-2013-3509

CVE-2013-3509 affects GroundWork Monitor Enterprise 6.7.0 (NeDi component). The issue is in html/System-NeDi.php: remote authenticated users can execute arbitrary commands via shell metacharacters in the scan functionality under System/NeDi. Impact details are not expanded beyond the description ...

6.5CVSS7.5AI score0.019EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•45 views

CVE-2013-3511

The connected documents confirm an open redirect vulnerability in the NeDi component of GroundWork Monitor Enterprise 6.7.0. Impact described as attackers redirecting users to arbitrary sites, enabling phishing via unspecified vectors. No concrete remediation steps or affected version details bey...

5.8CVSS6.9AI score0.01341EPSS
CVE
CVE
•added 2013/05/08 10:0 a.m.•40 views

CVE-2013-3505

The CVE-2013-3505 issue affects the Nagios-App component in GroundWork Monitor Enterprise 6.7.0. Affected behavior: remote authenticated users can bypass intended access restrictions by directly requesting either a log file or a configuration file. Root cause stated in sources: improper access co...

4CVSS6.4AI score0.01451EPSS