Search criteria
9 vulnerabilities by op5
CVE-2021-40272 (GCVE-0-2021-40272)
Vulnerability from cvelistv5 – Published: 2022-11-14 00:00 – Updated: 2025-04-30 20:19
VLAI?
Summary
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-40272",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T20:19:03.285492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T20:19:41.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40272",
"datePublished": "2022-11-14T00:00:00.000Z",
"dateReserved": "2021-08-30T00:00:00.000Z",
"dateUpdated": "2025-04-30T20:19:41.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4907 (GCVE-0-2014-4907)
Vulnerability from cvelistv5 – Published: 2014-07-11 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:37.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59603"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-14T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59535",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59603"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59535"
},
{
"name": "59603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59603"
},
{
"name": "https://bugs.op5.com/view.php?id=8761",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=8761"
},
{
"name": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9"
},
{
"name": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes",
"refsource": "CONFIRM",
"url": "http://www.op5.com/blog/news/op5-monitor-6-3-1-release-notes"
},
{
"name": "68350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68350"
},
{
"name": "[oss-security] 20140711 Re: CVE request: XSS in PNP4Nagios",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/11/3"
},
{
"name": "http://docs.pnp4nagios.org/pnp-0.6/dwnld",
"refsource": "CONFIRM",
"url": "http://docs.pnp4nagios.org/pnp-0.6/dwnld"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4907",
"datePublished": "2014-07-11T10:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:27:37.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6141 (GCVE-0-2013-6141)
Vulnerability from cvelistv5 – Published: 2014-01-29 18:00 – Updated: 2024-08-06 17:29
VLAI?
Summary
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=7677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=7677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=7677",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=7677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6141",
"datePublished": "2014-01-29T18:00:00",
"dateReserved": "2013-10-15T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0262 (GCVE-0-2012-0262)
Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "47417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47417"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "78065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78065"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0262",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0261 (GCVE-0-2012-0261)
Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "78064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78064"
},
{
"name": "47417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47417"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0261",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0264 (GCVE-0-2012-0264)
Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78066"
},
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0264",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0263 (GCVE-0-2012-0263)
Vulnerability from cvelistv5 – Published: 2013-12-31 20:00 – Updated: 2024-08-06 18:16
VLAI?
Summary
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:20.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/78067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T17:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78067",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/78067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78067"
},
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0263",
"datePublished": "2013-12-31T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-06T18:16:20.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5027 (GCVE-0-2008-5027)
Vulnerability from cvelistv5 – Published: 2008-11-10 15:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "ADV-2008-3364",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3364"
},
{
"name": "GLSA-200907-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "http://www.nagios.org/development/history/nagios-3x.php",
"refsource": "MISC",
"url": "http://www.nagios.org/development/history/nagios-3x.php"
},
{
"name": "33320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33320"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "32156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32156"
},
{
"name": "1022165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource": "CONFIRM",
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "USN-698-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-698-1"
},
{
"name": "35002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5027",
"datePublished": "2008-11-10T15:00:00",
"dateReserved": "2008-11-10T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5028 (GCVE-0-2008-5028)
Vulnerability from cvelistv5 – Published: 2008-11-10 15:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "nagios-cmd-csrf(46426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49678"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "nagios-cmd-csrf(46426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.op5.org/git/?p=nagios.git%3Ba=commit%3Bh=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49678"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nagios-cmd-csrf(46426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se\u0026forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33320"
},
{
"name": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18",
"refsource": "CONFIRM",
"url": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource": "CONFIRM",
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "HPSBMA02419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124156641928637\u0026w=2"
},
{
"name": "ADV-2009-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"refsource": "OSVDB",
"url": "http://osvdb.org/49678"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5028",
"datePublished": "2008-11-10T15:00:00",
"dateReserved": "2008-11-10T00:00:00",
"dateUpdated": "2024-08-07T10:40:16.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}