Prophecyinternational: Security Vulnerabilities
Snare for Linux before 1.7.0 has password disclosure because the rendered page contains the field RemotePassword.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-01-08
Snare for Linux before 1.7.0 has CSRF in the web interface.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-08
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter.
CVSS Score
7.2
EPSS Score
0.006
Published
2019-08-29
An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
CVSS Score
7.2
EPSS Score
0.037
Published
2019-08-29