Splunk Enterprise versions 6.4.3 and below suffer from a server-side request forgery vulnerability.
b5446560dcd7b9cd7873e8dc1db514397d843547598024e58788677230bcbb24
Nagios Incident Manager versions 2.0.0 and below suffer from code execution, cross-site scripting, and remote SQL injection vulnerabilities.
d336442ddcda57ddf494c9348d0b0922f03172970eee3b0564a9c314bf393947
Nagios Network Analyzer versions 2.2.0 and below suffer from authentication bypass, arbitrary code execution, and remote SQL injection vulnerabilities.
d37f34584f47fa93ebce7c80008e1f9da3a059b746dff78e9d2e68b95f5747a6
Nagios Log Server versions 1.4.1 and below suffer from authentication bypass, privilege escalation, cross-site scripting, and inconsistent control vulnerabilities.
c17d74b0193a44e7cbda50f0ffcd51aac890e574890ec513c42d5e1a1aa233c9
This Metasploit module exploits three separate vulnerabilities found in the Riverbed SteelCentral NetProfiler/NetExpress virtual appliances to obtain remote command execution as the root user. A SQL injection in the login form can be exploited to add a malicious user into the application's database. An attacker can then exploit a command injection vulnerability in the web interface to obtain arbitrary code execution. Finally, an insecure configuration of the sudoers file can be abused to escalate privileges to root.
df58be25ca590f1f28576780a6be938b242bb24996bb0984cee22bb17a53c202
This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.
7b076eb4c293543ed664b1e38b4942197ec5fe84ee01dda8591020258e48df90
Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86
Nagios XI versions 5.2.7 and below suffer from command execution, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.
b2bc3fb56452aab55e4934f25cfa1f170bf9d3121cfb3cd553f7362614ce86bb
PfSense Community Edition versions 2.2.6 and below suffer from cross-site scripting, code injection, and cross-site request forgery vulnerabilities.
a1cea41cda47aaf708576b8f7af2aa6b3c4f8bef37be1b6afc196e909188eabc