Vulnerabilities (CVE)

Filtered by vendor Ocsinventory-ng Subscribe
Filtered by product Ocs Inventory Ng
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4024 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1733 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1595 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
CVE-2010-1594 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3042 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
CVE-2009-3040 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
CVE-2009-2166 2 Ocsinventory-ng, Unix 2 Ocs Inventory Ng, Unix 2024-11-21 5.0 MEDIUM N/A
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
CVE-2009-1769 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 5.0 MEDIUM N/A
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2009-1443 1 Ocsinventory-ng 1 Ocs Inventory Ng 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
CVE-2009-0667 1 Ocsinventory-ng 2 Ocs Inventory Ng, Ocsinventory-agent 2024-11-21 7.2 HIGH N/A
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.