mikaku/Monitorix

mikaku/Monitorix

www.monitorix.org

Releases15

Frequency9 months 4 days

Last Release over 1 year ago

Stars1.2K

Monitorix is a free, open source, lightweight system monitoring tool.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-3325 ↗	Jan 27, 2021Wednesday, 27 January 2021, 19:15	9.8 CRITICAL	7.5 HIGH
Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some exiting installations became unsafe, upon an update to 3.13.0, unless the new feature was immediately configured.
CVE-2013-7070 ↗	Dec 31, 2019Tuesday, 31 December 2019, 20:15	9.8 CRITICAL	10 HIGH
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
CVE-2013-7071 ↗	Dec 31, 2019Tuesday, 31 December 2019, 20:15	6.1 MEDIUM	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2004-2776 ↗	Dec 31, 2019Tuesday, 31 December 2019, 20:15	9.8 CRITICAL	7.5 HIGH
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.