An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

This service collects data related to public available exploits. The database is updated daily through the official...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...


Published Description
05-09-2018 17:29:02
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
05-09-2018 17:29:02
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.