Shodan
Vulnerabilities
Vulnerable Software
Nagios:  Security Vulnerabilities
CVE-2019-12279
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck
CVSS Score
9.8
EPSS Score
0.162
Published
2019-05-22
CVE-2019-9166
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-03-28
CVE-2019-9167
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
CVSS Score
6.1
EPSS Score
0.136
Published
2019-03-28
CVE-2019-9165
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVSS Score
9.8
EPSS Score
0.063
Published
2019-03-28
CVE-2019-9202
Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues.
CVSS Score
8.8
EPSS Score
0.425
Published
2019-03-28
CVE-2019-9203
Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API.
CVSS Score
9.8
EPSS Score
0.055
Published
2019-03-28
CVE-2019-9204
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
CVSS Score
9.8
EPSS Score
0.04
Published
2019-03-28
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
CVSS Score
8.8
EPSS Score
0.621
Published
2019-03-28
CVE-2018-20171
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.038
Published
2018-12-17
CVE-2018-20172
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.038
Published
2018-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved