Tildeslash Monit vulnerabilities

10 known vulnerabilities affecting tildeslash/monit.

Total CVEs: 10
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2022-26563 | HIGH | CVSS 8.8 | fixed in 5.31.0 | 2023-07-18
CWE-863. An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM authorization.
Sources: nvd, osv

CVE-2019-11454 | MEDIUM | CVSS 6.1 | ≥ 0, < 1:5.6-2ubuntu0.1+esm2 | ≥ 0, < 1:5.16-2ubuntu0.2+esm1 | +1 more | 2021-03-15
monit vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-11454) Zack Flack discovered a buffer overread when Monit decoded certain crafted URLs. An attacker could exploit this to potentially leak sensitive information. (CVE-2019-11455)
Source: osv

CVE-2019-11393 | CRITICAL | CVSS 9.8 | fixed in 3.7.3 | 2019-04-22
CWE-640. An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
Source: nvd

CVE-2019-11455 | HIGH | CVSS 8.1 | fixed in 5.25.3 | 2019-04-22
CWE-125. A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
Sources: nvd, osv

CVE-2016-7067 | MEDIUM | CVSS 6.5 | ≥ 0, < 1:5.20.0-1 | 2018-09-10
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
Source: osv

CVE-2004-1898 | CRITICAL | CVSS 10.0 | PoC | v1.4, v3.0, +7 more | 2004-12-31
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
Sources: nvd, osv

CVE-2004-1899 | MEDIUM | CVSS 5.0 | v1.4, v3.0, +7 more | 2004-12-31
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.
Sources: nvd, osv

CVE-2004-1897 | MEDIUM | CVSS 5.0 | PoC | ≥ 0, < 1:4.2.1-1 | 2004-12-31
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.
Source: osv

CVE-2003-1083 | CRITICAL | CVSS 10.0 | PoC | v1.4, v1.4.1, +15 more | 2003-12-31
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
Sources: nvd, osv

CVE-2003-1084 | MEDIUM | CVSS 5.0 | v1.4, v1.4.1, +15 more | 2003-11-24
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
Sources: nvd, osv