Jccleaver

**Name of the Vulnerable Software and Affected Versions** Xymon versions 4.1.x through 4.3.x before 4.3.25 **Description** The issue is related to insufficient access control in the lib/xymond ipc.c component of the Xymon network monitoring tool. This allows a local attacker to inject arbitrary messages into the queue by writing to it. **Recommendations** For versions 4.1.x through 4.3.x before 4.3.25, update to version 4.3.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Xymon versions 4.1.x through 4.3.x before 4.3.25 **Description** The issue is related to the lack of input sanitization in the xymond component of the Xymon network monitoring tool. This allows a remote authenticated user to execute arbitrary commands by using shell metacharacters in the `adduser name` argument in either web/useradm.c or web/chpasswd.c. **Recommendations** For Xymon versions 4.1.x through 4.3.x before 4.3.25, update to version 4.3.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** xymond versions 4.1.x through 4.3.x before 4.3.25 **Description** The issue is related to a lack of protection for service data in the xymond component of the Debian GNU/Linux operating system. It allows a remote attacker to read arbitrary files in the configuration directory using the "config" command. **Recommendations** For versions 4.1.x through 4.3.x before 4.3.25, update to version 4.3.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the "config" command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xymon versions 4.1.x through 4.3.x before 4.3.25 **Description** The issue allows remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page. Additionally, remote authenticated users can inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page. **Recommendations** For Xymon versions 4.1.x through 4.3.x before 4.3.25, update to version 4.3.25 or later to resolve the issue.