Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-2055 | 5.0 |
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.
|
09-10-2018 - 19:59 | 13-04-2016 - 16:59 | |
CVE-2016-2054 | 7.5 |
Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" comm
|
09-10-2018 - 19:59 | 13-04-2016 - 16:59 | |
CVE-2016-2056 | 6.5 |
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
|
09-10-2018 - 19:59 | 13-04-2016 - 16:59 | |
CVE-2016-2058 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page
|
09-10-2018 - 19:59 | 13-04-2016 - 16:59 | |
CVE-2016-2057 | 2.1 |
lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
|
09-10-2018 - 19:59 | 13-04-2016 - 16:59 |