5 matches found
CVE-2019-12465
An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was identified in the ajaxrulesuggest.php file where the term parameter is used insecurely in a database query for showing columns of a table, as demonstrated by an ajaxrulesuggest.php?debug=1= request...
PT-2020-15401 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier
Description: The issue allows for man-in-the-middle attacks due to the unconditional acceptance of self-signed certificates and the lack of hostname validation when connecting to Windows...
PT-2020-15402 · Jenkins · Jenkins Amazon Ec2 Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Amazon EC2 Plugin versions 1.50.1 and earlier
Description: A missing permission check in form-related methods of the Jenkins Amazon EC2 Plugin allows users with Overall/Read access to enumerate credentials IDs of credentials stored in...
LibreNMS Code Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A code injection vulnerability exists in LibreNMS version 1.50.1, which can be exploited by an attacker to...
LibreNMS Directory Traversal Vulnerability
LibreNMS is a PHP/MySQL/SNMP-based open source monitoring tool. A directory traversal vulnerability exists in /pdf.php in LibreNMS 1.50.1, which can be exploited by an attacker to gain access to locations outside of a restricted directory...