SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to r…
[librenms/librenms] Cross-site Scripting in librenms/librenms
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with …
[librenms/librenms] Deserialization of Untrusted Data in librenms/librenms
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3525
https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948
https://huntr.dev…
[librenms/librenms] Cross-site Scripting in librenms/librenms
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4067
https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
https://huntr.d…
[librenms/librenms] Cross-site Scripting in librenms/librenms
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3516
https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
https://huntr.d…
[librenms/librenms] Cross-site Scripting in librenms/librenms
Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3561
https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242
https://huntr….
[librenms/librenms] Cross-site Scripting in librenms/librenms
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3562
https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645
https://huntr.d…
[librenms/librenms] Cross-site Scripting in librenms/librenms
Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4069
https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7
https://huntr….
[dalli] Unsanitized input leading to code injection in Dalli
A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the publi…
[cgi] HTTP response splitting in CGI
Ruby gem cgi.rb prior to versions 0.3.5, 0.2.2 and 0.1.0.2 allows HTTP header injection. If a CGI application using the CGI library inserts untrusted input into the HTTP response header, an attacker can exploit it to insert a newline character to split …