Vulnerabilities > Ocsinventory NG

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2023-3726 Unspecified vulnerability in Ocsinventory-Ng Ocsinventory-Ocsreports 2.12.0
OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.
network
low complexity
ocsinventory-ng
6.9
2018-11-29 CVE-2018-15537 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
network
low complexity
ocsinventory-ng CWE-434
8.8
2018-08-06 CVE-2018-14857 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
network
low complexity
ocsinventory-ng CWE-434
8.8
2018-08-04 CVE-2018-14473 XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.
network
low complexity
ocsinventory-ng CWE-611
critical
9.1
2018-08-04 CVE-2018-12483 OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.
network
low complexity
ocsinventory-ng CWE-78
8.8
2018-08-04 CVE-2018-12482 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.
network
low complexity
ocsinventory-ng CWE-89
8.8
2018-06-26 CVE-2018-1000558 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.3.1/2.4
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database.
network
low complexity
ocsinventory-ng CWE-89
6.5
2018-06-26 CVE-2018-1000557 Cross-site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser.
network
low complexity
ocsinventory-ng CWE-79
6.1