Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2024

2023

2022

2021

2020

2019

CVE-2019-12279 (v3: 9.8) 22 May 2019
** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck.
CVE-2019-9165 (v3: 9.8) 28 Mar 2019
SQL injection vulnerability in Nagios XI before 5.5.11 allows attackers to execute arbitrary SQL commands via the API when using fusekeys and malicious user id.
CVE-2019-9204 (v3: 9.8) 28 Mar 2019
SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands.
CVE-2019-6491 (v3: 8.8) 21 Mar 2019
RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection.

2018

CVE-2018-13850 (v3: 9.8) 10 Jul 2018
The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username parameter.
CVE-2018-10735 (v3: 7.2) 16 May 2018
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
CVE-2018-10736 (v3: 7.2) 16 May 2018
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
CVE-2018-10737 (v3: 7.2) 16 May 2018
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
CVE-2018-10738 (v3: 7.2) 16 May 2018
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.
CVE-2018-8733 (v3: 9.8) 18 Apr 2018
Authentication bypass vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an unauthenticated attacker to make configuration changes and leverage an authenticated SQL injection vulnerability.
CVE-2018-8734 (v3: 9.8) 18 Apr 2018
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

2017

2016

2015