tildeslash

5 exploits Active since Sep 2018
CVE-2019-11454 WRITEUP MEDIUM WRITEUP
Monit < 5.25.3 - Unauthenticated Stored Cross-Site Scripting via Authorization Header
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
CVSS 6.1
CVE-2019-11454 WRITEUP MEDIUM WRITEUP
Monit < 5.25.3 - Unauthenticated Stored Cross-Site Scripting via Authorization Header
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.
CVSS 6.1
CVE-2019-11455 WRITEUP HIGH WRITEUP
Tildeslash Monit < 5.25.3 - Buffer Overflow
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVSS 8.1
CVE-2016-7067 WRITEUP MEDIUM WRITEUP
Monit < 5.20.0 - Cross-Site Request Forgery
Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
CVSS 6.5
CVE-2022-26563 WRITEUP HIGH WRITEUP
Tildeslash Monit < 5.31.0 - Privilege Escalation
An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM-authorization.
CVSS 8.8