Shodan
Vulnerabilities
Vulnerable Software
Nagios:  >> Nagios Xi  >> 5.3.2  Security Vulnerabilities
CVE-2019-9165
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVSS Score
9.8
EPSS Score
0.063
Published
2019-03-28
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
CVSS Score
8.8
EPSS Score
0.271
Published
2019-03-28
CVE-2018-20171
An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.038
Published
2018-12-17
CVE-2018-20172
An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.038
Published
2018-12-17
CVE-2018-8733
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.797
Published
2018-04-18
CVE-2018-8734
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
CVSS Score
9.8
EPSS Score
0.79
Published
2018-04-18
CVE-2018-8735
Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection.
CVSS Score
8.8
EPSS Score
0.765
Published
2018-04-18
CVE-2018-8736
A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root.
CVSS Score
8.8
EPSS Score
0.68
Published
2018-04-18
CVE-2013-6875
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
CVSS Score
7.5
EPSS Score
0.197
Published
2013-11-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved