Gwos : Security Vulnerabilities, CVEs, CVSS score >= 7
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.
Max CVSS: 7.5
EPSS Score: 0.26%
Published: 2013-05-08
Updated: 2013-05-08
The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script.
Max CVSS: 7.5
EPSS Score: 0.16%
Published: 2013-05-08
Updated: 2013-05-08
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header.
Max CVSS: 7.5
EPSS Score: 0.76%
Published: 2013-05-08
Updated: 2013-11-25
3 vulnerabilities found