5 matches found
CVE-2019-12465
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajaxrulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajaxrulesuggest.php?debug=1= request...
PT-2020-15401 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: The issue allows for man-in-the-middle attacks due to the unconditional acceptance of self-signed certificates and the lack of hostname validation when connecting to Windows...
PT-2020-15402 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier Description: A missing permission check in form-related methods of the Jenkins Amazon EC2 Plugin allows users with Overall/Read access to enumerate credentials IDs of credentials stored in...
LibreNMS Directory Traversal Vulnerability
LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool . A directory traversal vulnerability exists in /pdf.php in LibreNMS 1.50.1, which can be exploited by an attacker to gain access to locations outside of a restricted directory...
LibreNMS Code Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A code injection vulnerability exists in LibreNMS version 1.50.1, which can be exploited by an attacker to...