Gwos Groundwork_monitor
15 CVEs affecting Gwos Groundwork_monitor. Latest disclosed: 2013-05-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2013-3513 | | 2013-05-08 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the au… | |
CVE-2013-3512 | | 2013-05-08 | The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks, which allows remote authenticated users to read or m… | |
CVE-2013-3511 | | 2013-05-08 | Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and c… | |
CVE-2013-3510 | | 2013-05-08 | Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/h… | |
CVE-2013-3509 | | 2013-05-08 | html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell met… | |
CVE-2013-3508 | | 2013-05-08 | html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to exe… | |
CVE-2013-3507 | | 2013-05-08 | The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a conf… | |
CVE-2013-3506 | | 2013-05-08 | cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remo… | |
CVE-2013-3505 | | 2013-05-08 | The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request f… | |
CVE-2013-3504 | | 2013-05-08 | Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite… | |
CVE-2013-3503 | | 2013-05-08 | The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary… | |
CVE-2013-3502 | | 2013-05-08 | monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequen… | |
CVE-2013-3501 | | 2013-05-08 | Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via ve… | |
CVE-2013-3500 | | 2013-05-08 | The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork… | |
CVE-2013-3499 | | 2013-05-08 | GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative pri… |