Aggregates CVE and security vulnerability intelligence across all serverscheck-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting, vendor risk sql injection, and vendor risk path handling, with potential vendor impact session compromise across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-18552 | ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories. | [email protected] | 6.5 | 2.20% | 2018-10-24 | 2024-11-21 |
| CVE-2018-18551 | ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | [email protected] | 6.1 | 0.23% | 2018-10-24 | 2024-11-21 |
| CVE-2018-18550 | ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user. | [email protected] | 8.8 | 0.34% | 2018-10-21 | 2024-11-21 |
| CVE-2017-17832 | ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | [email protected] | 5.4 | 0.22% | 2017-12-27 | 2026-05-13 |
| CVE-2005-1798 | Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. | [email protected] | 5.0 | 0.24% | 2005-05-29 | 2026-04-16 |