24 matches found
GHSA-5GM9-622F-QCG5 LibreNMS: Cross-Site Scripting in ShowConfigController
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
LibreNMS: Cross-Site Scripting in ShowConfigController
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...
EUVD-2008-4958
Malware in sbrugna...
EUVD-2025-5558
Malicious code in bioql PyPI...
Unauthorized Account Takeover
oxidized-web is vulnerable to Unauthorized Account takeover. The vulnerability is due to missing authentication in the RANCID migration page, allowing an unauthenticated user to gain control over the Linux user account running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
GHSA-JX6P-9C26-G373 Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Directory Traversal
Overview: oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized. Affected versions of this package are vulnerable to Directory Traversal through the RANCID migration page. An attacker can gain control over the Linux user account running the application by exploiting this vulnerability...
Oxidized Web Path Traversal Vulnerability
Oxidized Web is a Web UI + RESTful API for Oxidized, developed by the individual developer ytti. A security vulnerability exists in Oxidized Web versions prior to 0.15.0 that stems from a RANCID migration page that allows an unauthenticated user to take control of a Linux user account running oxidized-web...
CVE-2025-27590
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
In oxidized-web aka Oxidized Web before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web...
PT-2025-9270 · Unknown · Oxidized-Web
Name of the Vulnerable Software and Affected Versions: oxidized-web versions prior to 0.15.0. Description: The RANCID migration page in oxidized-web allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. This issue can lead to remote code execution...
CVE-2018-16144
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
Command injection
The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...
CVE-2008-4979
getipacctg in rancid 2.3.2a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct..prefixes, (2) /tmp/ipacct..sorted, (3) /tmp/ipacct..pl, and (4) /tmp/ipacct. temporary files...
CVE-2008-4979
getipacctg in rancid 2.3.2a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct..prefixes, (2) /tmp/ipacct..sorted, (3) /tmp/ipacct..pl, and (4) /tmp/ipacct. temporary files...
DEBIAN-CVE-2008-4979
getipacctg in rancid 2.3.2a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct..prefixes, (2) /tmp/ipacct..sorted, (3) /tmp/ipacct..pl, and (4) /tmp/ipacct. temporary files...
Code injection
getipacctg in rancid 2.3.2a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct..prefixes, (2) /tmp/ipacct..sorted, (3) /tmp/ipacct..pl, and (4) /tmp/ipacct. temporary files...