Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xymon
(Xymon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-04-13 | CVE-2016-2056 | xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | Debian_linux, Xymon | 8.8 | ||
| 2016-04-13 | CVE-2016-2055 | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command. | Debian_linux, Xymon | 7.5 | ||
| 2016-04-13 | CVE-2016-2054 | Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command. | Debian_linux, Xymon | 9.8 | ||
| 2017-08-28 | CVE-2015-1430 | Buffer overflow in xymon 4.3.17-1. | Xymon | 9.8 | ||
| 2013-10-11 | CVE-2013-4173 | Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command. | Xymon | N/A | ||
| 2011-04-18 | CVE-2011-1716 | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Xymon | N/A |