Tildeslash: Security Vulnerabilities
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
CVSS Score
7.1
EPSS Score
0.002
Published
2026-01-28
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-01-28
An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.
CVSS Score
8.8
EPSS Score
0.006
Published
2023-07-18
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).
CVSS Score
8.1
EPSS Score
0.018
Published
2019-04-22
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-04-22
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.
CVSS Score
5.0
EPSS Score
0.074
Published
2004-12-31
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
CVSS Score
10.0
EPSS Score
0.345
Published
2004-12-31
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-12-31
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVSS Score
10.0
EPSS Score
0.558
Published
2003-12-31
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.
CVSS Score
5.0
EPSS Score
0.055
Published
2003-11-24
Page 1