Vulnerabilites related to op5 - monitor
Vulnerability from fkie_nvd
Published
2008-11-10 15:23
Modified
2024-11-21 00:53
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286F0DB6-652E-4F1C-BB94-5D2F1C771697",
"versionEndIncluding": "3.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*",
"matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*",
"matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*",
"matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*",
"matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E5911624-5BD8-4A40-B417-FCD926D352BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*",
"matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADCBA8C-06DB-4D85-AEED-807E64A29DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9A803F-1AD0-4359-B08C-79A68818BCA3",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B40BB586-111A-427F-9B16-53423B0AD939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "061C311A-ABC7-49CA-B2FC-021A5E003000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2D71BF-88DE-4963-9313-30BFEC24DB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA7FD7-C403-4086-AC2F-A51CE368FFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D52212-93AF-4397-B87B-7D778589F547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B760C26C-40A8-43DD-ADEA-7E2F0C8443A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30126655-10BC-4EBF-9D60-D97EBFC8C6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "516245EB-0DB3-48F0-917D-B93135C287BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB3AA0C-8439-4B87-BC36-DBF0F2E4C794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA52C25-22A5-460F-82B8-E9CB6A3CF618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en cmd.cgi en (1) Nagios 3.0.5 y (2) op5 Monitor antes de v4.0.1 permite a atacantes remotos enviar comandos al proceso Nagios y dispara la ejecuci\u00f3n de programas de su elecci\u00f3n por este proceso, mediante peticiones HTTP no especificadas."
}
],
"id": "CVE-2008-5028",
"lastModified": "2024-11-21T00:53:06.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-10T15:23:29.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49678"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32610"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32630"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33320"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35002"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"source": "cve@mitre.org",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-31 20:55
Modified
2024-11-21 01:34
Severity ?
Summary
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4739B1AD-4ED5-4D34-882E-AA39DA3F3921",
"versionEndIncluding": "5.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C73510-4999-4C96-9705-59274F97BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "349F04CB-1BF5-4160-8FC6-72AAB95F3892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:system-portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7716E337-783B-4168-9F8B-B38276928818",
"versionEndIncluding": "1.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
},
{
"lang": "es",
"value": "El codigo license.php en system-portal anterior a 1.6.2 del Monitor y Appliance op5 anterior a 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el par\u00e1metro de marca de tiempo para una acci\u00f3n de instalaci\u00f3n."
}
],
"id": "CVE-2012-0261",
"lastModified": "2024-11-21T01:34:40.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T20:55:04.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "cve@mitre.org",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78064"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 16:15
Modified
2024-11-21 06:23
Severity ?
Summary
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "777C6D47-DA28-43E8-8AD2-38AC8E8859ED",
"versionEndIncluding": "8.3.3",
"versionStartIncluding": "8.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS)."
},
{
"lang": "es",
"value": "OP5 Monitor 8.3.1, 8.3.2 y OP5 8.3.3 son vulnerables a Cross Site Scripting (XSS)."
}
],
"id": "CVE-2021-40272",
"lastModified": "2024-11-21T06:23:48.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T16:15:10.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-10 15:23
Modified
2024-11-21 00:53
Severity ?
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286F0DB6-652E-4F1C-BB94-5D2F1C771697",
"versionEndIncluding": "3.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA91B05-9578-46D8-A21C-4E3C4AB4936A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b1:*:*:*:*:*:*:*",
"matchCriteriaId": "C178226A-CBE8-4ECB-BDA7-1E86C61D2A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B75383C-C37C-485F-B6D2-B4A7F2F7B3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0_b3:*:*:*:*:*:*:*",
"matchCriteriaId": "67AF4805-B2EE-40F5-8D92-D2953866AD6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "52432776-C9C6-4CA7-B3D9-87513CBA5716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "601958D5-B393-4EFA-9A6F-A5A04A95F4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b3:*:*:*:*:*:*:*",
"matchCriteriaId": "99B2E88A-A611-43C5-8037-411D6B78EC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCEFBFC-38BD-4F78-B068-1A90C6199CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b5:*:*:*:*:*:*:*",
"matchCriteriaId": "E61ACC55-1002-4FA3-8E5A-52041CE5DCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.0b6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C773265-0BE7-463A-8E24-84D804F14AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A847327-D74E-460C-9F6F-E04C9B77E0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7425E3-F152-439B-B95F-5160E4593DBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E5911624-5BD8-4A40-B417-FCD926D352BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF45013F-A844-4726-8B2A-EF602A3BC4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0879A39F-7C92-4FD3-9FEF-2E7C4F2C0444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A91E463-D239-4853-8A63-E01EE7DB319F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "239CAF7F-E9BF-4D0F-BB99-EF51E1366516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "738DF14D-A716-46F0-87AC-2DB2F1E44594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b3:*:*:*:*:*:*:*",
"matchCriteriaId": "4E8E1234-9F0D-4E6F-BF58-5DAE8E41DB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b4:*:*:*:*:*:*:*",
"matchCriteriaId": "0073F69B-C5FA-470A-BA95-9C4E8033F5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b5:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7C5B6-C13D-4814-AA7B-444CF12E4DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0b6:*:*:*:*:*:*:*",
"matchCriteriaId": "E1209D1C-DD27-41FC-8DAF-BFC0B4B1D602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "39551FFC-E1F0-4D45-ADA6-AB3E74BB576D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BED52AA-BE20-447C-8896-4B591C42F66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82DE68E3-7003-4675-96A9-6F7308E1E39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3F8DC3-2F34-4E11-A796-4EA7CB17FDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADCBA8C-06DB-4D85-AEED-807E64A29DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3EE2D7-BD17-4C37-ABA3-79FCE8328EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "927B8496-720D-4B15-A12E-52169AFB38D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9E80B2-E349-488F-A870-9BD50D47A672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1121E86B-13EB-4DE3-816A-002C6DC15A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4C3374C3-9F57-4014-8712-DDDAB52998FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D4F00F-C732-477B-988A-25F8E8D32D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A5D5AC-9E4C-4F3B-A16A-C6DD18DD8D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "725F9938-0A5C-4A59-BFA4-C58044DE26DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DDCA77EF-1020-4068-9CDC-5CF3B0CD66A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "751C46D5-877F-454B-8488-BBCA10CA4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "F4754494-17BE-496E-A7B8-453B3028CC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "CD15E8FA-04D3-4625-BEA5-9F5CC0337699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "713C5F3E-AA57-4F52-AC0A-9B1F25C25580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0AFABA9F-4A45-4150-AED1-897267076A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "830BB564-82FD-4519-A8EA-DCDF74F2BC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9A975310-9591-4EBF-B987-CA43433B4C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "8653D6A2-4B5B-4F1D-A898-8F81F29C6FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "D18649FF-8838-432E-93B8-3F8B82B0DEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "9375EA90-0763-4817-8C7D-2D7E116E043F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "C02C2F95-2AC2-4E0C-B5D0-785CDF1EDB85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "12E7BC34-65F0-4DD6-8809-F05320955479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "390CFA92-68AE-4DE9-A199-1B7290A82168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1E56F249-3E6A-4764-8CAE-D3E5B6A86AB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "953745B7-1381-47F5-8012-E699EFA065CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87A8A3DA-61AF-4369-ACB0-7D54EEB1DAA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nagios:nagios:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40B7525F-EEE1-4537-BCE6-15DF3E348FEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9A803F-1AD0-4359-B08C-79A68818BCA3",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B40BB586-111A-427F-9B16-53423B0AD939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "061C311A-ABC7-49CA-B2FC-021A5E003000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2D71BF-88DE-4963-9313-30BFEC24DB37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3DA7FD7-C403-4086-AC2F-A51CE368FFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D52212-93AF-4397-B87B-7D778589F547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B760C26C-40A8-43DD-ADEA-7E2F0C8443A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30126655-10BC-4EBF-9D60-D97EBFC8C6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "516245EB-0DB3-48F0-917D-B93135C287BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB3AA0C-8439-4B87-BC36-DBF0F2E4C794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA52C25-22A5-460F-82B8-E9CB6A3CF618",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon."
},
{
"lang": "es",
"value": "El proceso Nagios en (1) Nagios anterior a v3.0.5 y (2) op5 Monitor anterior a v4.0.1 ; permite a usuarios autenticados en remoto evitar las comprobaciones de autorizaci\u00f3n y provocar la ejecuci\u00f3n de ficheros de su elecci\u00f3n por este proceso a trav\u00e9s de (a) un formulario personalizado o (b) un complemento para el navegador."
}
],
"id": "CVE-2008-5027",
"lastModified": "2024-11-21T00:53:06.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-10T15:23:29.533",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33320"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35002"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"source": "cve@mitre.org",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-31 20:55
Modified
2024-11-21 01:34
Severity ?
Summary
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4739B1AD-4ED5-4D34-882E-AA39DA3F3921",
"versionEndIncluding": "5.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C73510-4999-4C96-9705-59274F97BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "349F04CB-1BF5-4160-8FC6-72AAB95F3892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:system-op5config:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BBAB66-2F08-4BEE-8344-7820F32F3D25",
"versionEndIncluding": "2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter."
},
{
"lang": "es",
"value": "op5config/welcome en el sistema-op5config anterior a 2.0.3 en el Monitor y Appliance de op5 antes de 5.5.3 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres de shell en el par\u00e1metro de contrase\u00f1a."
}
],
"id": "CVE-2012-0262",
"lastModified": "2024-11-21T01:34:41.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T20:55:15.040",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78065"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-31 20:55
Modified
2024-11-21 01:34
Severity ?
Summary
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84F5CF91-7C97-4247-9F2B-B7AA89CBD03F",
"versionEndIncluding": "5.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
},
{
"lang": "es",
"value": "Monitor y Appliance op5 anterior a 5.5.0 no gestionan adecuadamente las cookies de sesi\u00f3n, que permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2012-0264",
"lastModified": "2024-11-21T01:34:41.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T20:55:15.103",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47344"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78066"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-29 18:55
Modified
2024-11-21 01:58
Severity ?
Summary
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.op5.com/view.php?id=7677 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.op5.com/view.php?id=7677 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| op5 | monitor | * | |
| op5 | monitor | 5.3.5 | |
| op5 | monitor | 5.4.0 | |
| op5 | monitor | 5.4.2 | |
| op5 | monitor | 5.5.0 | |
| op5 | monitor | 5.5.1 | |
| op5 | monitor | 5.5.3 | |
| op5 | monitor | 5.5.3.1 | |
| op5 | monitor | 5.6.0 | |
| op5 | monitor | 5.6.1 | |
| op5 | monitor | 5.6.2.2 | |
| op5 | monitor | 5.7.0 | |
| op5 | monitor | 5.7.1 | |
| op5 | monitor | 5.7.3 | |
| op5 | monitor | 5.7.3.1 | |
| op5 | monitor | 5.7.3.3 | |
| op5 | monitor | 5.7.4 | |
| op5 | monitor | 5.8.0 | |
| op5 | monitor | 5.8.1 | |
| op5 | monitor | 6.0.0 | |
| op5 | monitor | 6.0.3 | |
| op5 | monitor | 6.0.4 | |
| op5 | monitor | 6.0.6 | |
| op5 | monitor | 6.0.7 | |
| op5 | monitor | 6.1.0 | |
| op5 | monitor | 6.1.0 | |
| op5 | monitor | 6.1.1 | |
| op5 | monitor | 6.1.2 | |
| op5 | monitor | 6.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16F6B904-253D-4E7F-8622-6B967349D20D",
"versionEndIncluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C73510-4999-4C96-9705-59274F97BA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "349F04CB-1BF5-4160-8FC6-72AAB95F3892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "889DD546-5FED-45D8-B292-3264F8067ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE79533-1215-4E51-8990-8C07AB955015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD72DDBB-FA90-4461-B6E7-232D2DA444E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F27C395-9FB0-40B2-AB97-A2D686CC9642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "235C79EA-71BA-49B1-82F3-810B1F8BE592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9526D0-1975-4DE4-9B94-EA1330B4DBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1BF247-489D-4B88-9BE0-39C65A00D9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A976D4-51D9-40AB-9BF9-128155FDFCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5114F9D2-3F6E-4E46-B2F3-ED717D12F5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25008310-B89A-48E8-B058-F5C0971CC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F34A6B-02D3-4C42-85BC-211FAB873C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "82ED65BC-94BB-4EDD-ACFE-487A8257C4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9C6D62-8176-4C2C-BB18-65A4CBA7CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F0166B-78EB-495E-8876-0A3EA301C79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "105D35C3-670A-4102-AB01-580CDF3C95DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F58846E2-70F9-44B3-B921-A56D38C20124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "576B7FD1-7B11-43C4-85BA-9AF2DEC5EC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A454DB17-0FFD-40BF-8A73-F5C48A5B5BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9B97260B-EFAE-4E63-A69B-147EC59C807D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97BBF0D4-F85E-4FAE-962F-4DA480EF51A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.1.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2B961EFE-B11F-4715-A53E-92BCF68F38A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B425862-7E3A-40C1-B72A-E353E6F15C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.1.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "A1D765DC-74EF-4A97-A46E-F34F9FDBDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:6.1.2:beta4:*:*:*:*:*:*",
"matchCriteriaId": "54E47133-E610-4DA7-85DF-72A668E1E5FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en op5 Monitor anterior a la versi\u00f3n 6.1.3 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de vectores desconocidos relacionados con una falta de autorizaci\u00f3n."
}
],
"id": "CVE-2013-6141",
"lastModified": "2024-11-21T01:58:44.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-29T18:55:26.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.op5.com/view.php?id=7677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.op5.com/view.php?id=7677"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-11 11:08
Modified
2024-11-21 02:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| op5 | monitor | 6.3.0 | |
| pnp4nagios | pnp4nagios | * | |
| pnp4nagios | pnp4nagios | 0.6.0 | |
| pnp4nagios | pnp4nagios | 0.6.1 | |
| pnp4nagios | pnp4nagios | 0.6.2 | |
| pnp4nagios | pnp4nagios | 0.6.3 | |
| pnp4nagios | pnp4nagios | 0.6.4 | |
| pnp4nagios | pnp4nagios | 0.6.5 | |
| pnp4nagios | pnp4nagios | 0.6.6 | |
| pnp4nagios | pnp4nagios | 0.6.7 | |
| pnp4nagios | pnp4nagios | 0.6.10 | |
| pnp4nagios | pnp4nagios | 0.6.11 | |
| pnp4nagios | pnp4nagios | 0.6.12 | |
| pnp4nagios | pnp4nagios | 0.6.13 | |
| pnp4nagios | pnp4nagios | 0.6.14 | |
| pnp4nagios | pnp4nagios | 0.6.15 | |
| pnp4nagios | pnp4nagios | 0.6.16 | |
| pnp4nagios | pnp4nagios | 0.6.17 | |
| pnp4nagios | pnp4nagios | 0.6.18 | |
| pnp4nagios | pnp4nagios | 0.6.19 | |
| pnp4nagios | pnp4nagios | 0.6.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB86E63-02B5-4B8E-BF95-49FEB4B5998D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8B7237D-1D86-46C5-BEFB-A2DC8D9BEE56",
"versionEndIncluding": "0.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6A23D8-523A-4954-A93F-6D4D3FA8F1C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA83CAF-0BC7-456E-ACE0-3DAEA46432DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A6EA17-402B-4A98-BD7D-97E8F9D4A45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB7A928-17CA-49DD-98F8-9CD3B3A9711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4F6F00-CD12-48FC-AB40-1B6658F56FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD65E85-E76B-43ED-BAC4-76BE852DC8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "083B12F0-6BD9-41B3-891F-A065C653F280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5FAE37-3D3C-4E4C-8D24-FEAFBB250641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5696B4F3-E44A-43E3-A24C-53D85C36CC58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "38C497FF-5494-4177-B266-E83A27304E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "070CAFD5-1694-4113-83F7-0C47ACD76918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD4787A-A1CA-47C9-9E90-B2D26CA45A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3A4BA737-71F2-4115-AD16-A2AE64ADEB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A7B2E7-28AC-4E92-875C-DFE61B3F29D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FA031C5B-4BFA-4DC1-8EEE-E5C3E42A356F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5B598F-CD97-4E30-A677-5393CF5196F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC6EB20-A966-4A6F-8776-0032DBED669D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A5116144-9290-497A-8021-F0D9BA89A572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pnp4nagios:pnp4nagios:0.6.20:*:*:*:*:*:*:*",
"matchCriteriaId": "20E7828E-CFE6-4165-9330-482E8192E8A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message."
},
{
"lang": "es",
"value": "Vulnerabildad de XSS en share/pnp/application/views/kohana_error_page.php en PNP4Nagios anterior a 0.6.22 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro que no se maneja debidamente en un mensaje de error."
}
],
"id": "CVE-2014-4907",
"lastModified": "2024-11-21T02:11:05.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-11T11:08:22.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59535"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59603"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68350"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=8761"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-31 20:55
Modified
2024-11-21 01:34
Severity ?
Summary
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B57AA6A1-CF28-46DC-80FA-67F1023933EF",
"versionEndIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5249E2B6-4B2B-4A4D-9C39-8362B422B0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "108F8953-B90D-4341-8AD5-39E94F7F320B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C73510-4999-4C96-9705-59274F97BA77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
},
{
"lang": "es",
"value": "monitor / index.php en el Monitor y Appliance de op5 anteriores a 5.5.1 permite a usuarios remotos autenticados obtener informaci\u00f3n confidencial, como bases de datos y las credenciales del usuario a trav\u00e9s de los mensajes de error que se desencadenan por (1) un par\u00e1metro hoststatustypes malformado en estado/servicio/ todos o (2) una solicitud manipulada en las configuraciones."
}
],
"id": "CVE-2012-0263",
"lastModified": "2024-11-21T01:34:41.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T20:55:15.073",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47344"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/78067"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/78067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.op5.com/view.php?id=5094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-5027
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "http://www.nagios.org/development/history/nagios-3x.php",
"refsource": "MISC",
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource": "CONFIRM",
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5027",
"datePublished": "2008-11-10T15:00:00",
"dateReserved": "2008-11-10T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5028
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "nagios-cmd-csrf(46426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "nagios-cmd-csrf(46426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nagios-cmd-csrf(46426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33320"
},
{
"name": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18",
"refsource": "CONFIRM",
"url": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource": "CONFIRM",
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"refsource": "OSVDB",
"url": "http://osvdb.org/49678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5028",
"datePublished": "2008-11-10T15:00:00",
"dateReserved": "2008-11-10T00:00:00",
"dateUpdated": "2024-08-07T10:40:16.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0263
Vulnerability from cvelistv5
Published
2013-12-31 20:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/78067 | vdb-entry, x_refsource_OSVDB | |
| https://bugs.op5.com/view.php?id=5094 | x_refsource_CONFIRM | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47344 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2012/Jan/62 | mailing-list, x_refsource_FULLDISC | |
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78067"
},
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0263",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0261
Vulnerability from cvelistv5
Published
2013-12-31 20:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.op5.com/view.php?id=5094 | x_refsource_CONFIRM | |
| http://www.osvdb.org/78064 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47417 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2012/Jan/62 | mailing-list, x_refsource_FULLDISC | |
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47417"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0261",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-6141
Vulnerability from cvelistv5
Published
2014-01-29 18:00
Modified
2024-08-06 17:29
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.op5.com/view.php?id=7677 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=7677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=7677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=7677",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=7677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6141",
"datePublished": "2014-01-29T18:00:00",
"dateReserved": "2013-10-15T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0264
Vulnerability from cvelistv5
Published
2013-12-31 20:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/78066 | vdb-entry, x_refsource_OSVDB | |
| https://bugs.op5.com/view.php?id=5094 | x_refsource_CONFIRM | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47344 | third-party-advisory, x_refsource_SECUNIA | |
| http://seclists.org/fulldisclosure/2012/Jan/62 | mailing-list, x_refsource_FULLDISC | |
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78066"
},
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0264",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4907
Vulnerability from cvelistv5
Published
2014-07-11 10:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/59535 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/59603 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugs.op5.com/view.php?id=8761 | x_refsource_CONFIRM | |
| http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9 | x_refsource_CONFIRM | |
| http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/68350 | vdb-entry, x_refsource_BID | |
| http://openwall.com/lists/oss-security/2014/07/11/3 | mailing-list, x_refsource_MLIST | |
| http://docs.pnp4nagios.org/pnp-0.6/dwnld | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:37.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59603"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-14T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59603"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59603"
},
{
"name": "https://bugs.op5.com/view.php?id=8761",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"name": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"name": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes",
"refsource": "CONFIRM",
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"name": "http://docs.pnp4nagios.org/pnp-0.6/dwnld",
"refsource": "CONFIRM",
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4907",
"datePublished": "2014-07-11T10:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:27:37.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40272
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40272",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2021-08-30T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0262
Vulnerability from cvelistv5
Published
2013-12-31 20:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.op5.com/view.php?id=5094 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/47417 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/ | x_refsource_CONFIRM | |
| http://seclists.org/fulldisclosure/2012/Jan/62 | mailing-list, x_refsource_FULLDISC | |
| http://www.osvdb.org/78065 | vdb-entry, x_refsource_OSVDB | |
| http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47417"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78065"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0262",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}