74 matches found
Sql injection
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
CVE-2019-12463
An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqlirealescapestring,...
LibreNMS Collectd Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqliescaperealstring function, which permits backticks. These parameters are used as part...
LibreNMS Command Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts , auto-discovery of the network environment and automatic updates . A command injection vulnerability exists in the Collectd graphing feature in LibreNMS, which can be exploited by...
[SECURITY] Fedora 24 Update: munin-2.0.30-5.fc24
Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your...
USN-3215-2: Munin regression
USN-3215-1 fixed a vulnerability in Munin. The upstream patch caused a regression leading to errors being appended to the log file. This update fixes the problem. Original advisory details: It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to...
Debian DLA-836-2 : munin regression update
The update for munin issued as DLA-836-1 caused a regression in the zooming functionality in munin-cgi-graph. Updated packages are now available to correct this issue. For reference, the original advisory text follows. Stevie Trujillo discovered a command injection vulnerability in munin, a...
[SECURITY] [DLA 836-1] munin security update
Package : munin Version : 2.0.6-4+deb7u3 CVE ID : CVE-2017-6188 Debian Bug : 855705 Stevie Trujillo discovered a command injection vulnerability in munin, a network-wide graphing framework. The CGI script for drawing graphs allowed to pass arbitrary GET parameters to local shell command, allowing...
Debian Security Advisory DSA 3794-1 (munin - security update)
Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process...
Debian: Security Advisory (DSA-3794-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-3295-1 : cacti - security update
Several vulnerabilities cross-site scripting and SQL injection have been discovered in Cacti, a web interface for graphing of monitoring systems. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
[SECURITY] Fedora 19 Update: munin-2.0.20-1.fc19
Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your...
Cacti: Multiple vulnerabilities
Background Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Description Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
[SECURITY] Fedora 19 Update: munin-2.0.19-1.fc19
Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your...
Debian DSA-2815-1 : munin - denial of service
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node...
[SECURITY] [DSA 2815-1] munin security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2815-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 09, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2815-1 (munin - denial of service)
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node...
DSA-2815-1 munin - denial of service
Bulletin has no description...
Cacti < 0.8.8b Command and SQL Injections
Binary data 8004.prm...
[SECURITY] Fedora 18 Update: smokeping-2.6.9-1.fc18
SmokePing is a latency logging and graphing system. It consists of a daemon process which organizes the latency measurements and a CGI which presents the graphs...