Filtered by vendor Nagios Subscriptions
Filtered by product Nagios Xi Subscriptions

Search

Switch to Advanced Search (Beta)
Total 108 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-15709 1 Nagios 1 Nagios Xi 2024-11-21 N/A
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-15708 1 Nagios 1 Nagios Xi 2024-11-21 N/A
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2018-10738 1 Nagios 1 Nagios Xi 2024-11-21 N/A
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
CVE-2018-10737 1 Nagios 1 Nagios Xi 2024-11-21 N/A
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
CVE-2018-10736 1 Nagios 1 Nagios Xi 2024-11-21 N/A
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
CVE-2018-10735 1 Nagios 1 Nagios Xi 2024-11-21 N/A
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
CVE-2018-10554 1 Nagios 1 Nagios Xi 2024-11-21 N/A
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter.
CVE-2018-10553 1 Nagios 1 Nagios Xi 2024-11-21 N/A
An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings.