Headline

CVE-2021-40345

An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.

2 years ago

CVE

Open in Source

#ios

� CNCZ��ԏz��;�_��sg�2�r� endstream endobj 3 0 obj 673 endobj 4 0 obj <> stream x��M�$� ��F_�+�l|빆�2�� @��%2H*�M��?��K�t�b�@גףÙ��,��/~�Z;4�Ȗj� |�(i#��@�o�s��O��3�o3��^o嫵�XI�p�K8Z�~�#��m’��[��]]۵�^>E&��hK��ݥ��8�B[��%߮�’�3�N:p’Lرy�U��3@k,gF��’��ߋ�� <4c~uY�lڌ�ڶ��. �{�N�.�U$e7��I:i�c/�Pv?�CA��f,YG-~h�6l��9��]��&|�*��S��R�Ѫ��Hx�C�C3��#�򾍹m�O>h�’��!�� zi�s��L’��KW��f�+7`��?%A��@#@<��\~�Aܪ�Ea�+�\6��$�7d�Fr�J��˔��{N ��]�5�#��Q�NBm��3��;��-l��җs��Ca {�Ѕ�ryZ��,�^M��6F5��D$�gqP��i�8�jM��.6�4V\��k9��:o팠��rM� ?�^� A��]l �m`ʯ��@�(��[�(��A�|-�,��h�c!h񶋍!x�� p8��8�� ]+�0&��mdcB��+��|f.�&�+�

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5.

CVE-2020-28648: Nagios XI Change Log - Nagios

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVE-2019-9167: Security Disclosures - Nagios

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

5 years ago

CVE

Open in Source