Note, these should not be a huge issue if utilizing a proper firewall. But it might be something you would want to look into and fix anyways.
These were found by a Nessus scan performed against a server running Monitorix.
First One:
Severity: HIGH
Exploit:
Goscript go.cgi Arbitrary Command Execution
Description
The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host.
Solution
There is no known solution at this time.
See Also
http://archives.neohapsis.com/archives/bugtraq/2004-08/0037.html
Plugin Output
It was possible to execute the command 'id' on the remote host
by requesting the following URL :
http://10.19.75.76:8080/amPortal/action/go.cgi|id|
Second One:
Severity: Medium
Exploit
Web Server Generic Cookie Injection
Description
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to inject arbitrary cookies. Depending on the structure of the web application, it may be possible to launch a 'session fixation' attack using this mechanism.
Solution
Contact the vendor for a patch or upgrade.
See Also
http://en.wikipedia.org/wiki/Session_fixation
http://www.owasp.org/index.php/Session_Fixation
http://www.acros.si/papers/session_fixation.pdf
http://projects.webappsec.org/Session-Fixation
Plugin Output
The request string used to detect this flaw was :
/<script>document.cookie=%22testzgsf=9268;%22</script>
The output was :
HTTP/1.0 404 Not found
Date: Wed, 20 Nov 2013 13:34:54 -0500
Server: Monitorix HTTP Server
Connection: close
Content-Type: text/html; charset=UTF-8
[...]
<title>404 Not Found</title>
Not Found
The requested URL /<script>document.cookie="testzgsf=9268;"</script> was not found on this server.
Monitorix HTTP Server listening at localhost Port 8080
[...]
Third One:
Severity: Medium
Exploit
Web Server Generic XSS
Description
The remote host is running a web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site.
Solution
Contact the vendor for a patch or upgrade.
See Also
http://en.wikipedia.org/wiki/Cross-site_scripting
Plugin Output
The request string used to detect this flaw was :
/<script>cross_site_scripting.nasl</script>.asp
The output was :
HTTP/1.0 404 Not found
Date: Wed, 20 Nov 2013 13:36:20 -0500
Server: Monitorix HTTP Server
Connection: close
Content-Type: text/html; charset=UTF-8
Not Found
The requested URL /<script>cross_site_scripting.nasl</script>.asp was not found on this server.
Monitorix HTTP Server listening at localhost Port 8080