Page 10 of 53 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths. Se detectó un problema en LibreNMS versiones hasta 1.47. Una divulgación de información puede ocurrir: un atacante puede tomar la huella digital de la versión de código exacta instalada y revelar las rutas de archivos locales. • https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php? • https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files. • https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.2EPSS: 82%CPEs: 1EXPL: 3

An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). Se detectó un problema en LibreNMS versiones hasta 1.47. Se presenta una vulnerabilidad de inyección de comandos en el archivo html/includes/graphs/device/collectd.inc.php donde los parámetros suministrados por el usuario son filtrados con la función mysqli_escape_real_string. • https://www.exploit-db.com/exploits/47375 http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 5

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling. LibreNMS 1.46 permite a los atacantes remotos ejecutar comandos OS arbitrarios mediante el uso del parámetro $_POST['community'] en html/pages/addhost.inc.php durante la creación de un nuevo dispositivo y posteriormente haciendo una petición /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost que desencadene una mala gestión del comando html/includes/output/capture.inc.php • https://www.exploit-db.com/exploits/46970 https://www.exploit-db.com/exploits/47044 https://github.com/mhaskar/CVE-2018-20434 http://packetstormsecurity.com/files/153188/LibreNMS-addhost-Command-Injection.html http://packetstormsecurity.com/files/153448/LibreNMS-1.46-addhost-Remote-Code-Execution.html https://drive.google.com/file/d/1LcGmOY8x-TG-wnNr-cM_f854kxk0etva/view?usp=sharing https://gist.github.com/mhaskar/516df57aafd8c6e3a1d70765075d372d https://shells.systems/librenms-v1-46-remote-code-execution • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •