NEWS & EVENTS

SERVICES

An onthology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

This service collects data related to public available exploits. The database is updated daily through the official...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

The service shows a 3D representation of network traffic related to attacks on a honeypot in Pisa. In addition, the...

LATEST CVE

Published Description
CVE-2018-16146
05-09-2018 17:29:02
The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account.
CVE-2018-16145
05-09-2018 17:29:02
The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance.

Pages