Vulnerabilities > Ocsinventory NG

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-15537 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
network
low complexity
ocsinventory-ng CWE-434
6.5
2018-08-06 CVE-2018-14857 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
network
low complexity
ocsinventory-ng CWE-434
6.5
2018-08-04 CVE-2018-14473 XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.
network
low complexity
ocsinventory-ng CWE-611
6.4
2018-08-04 CVE-2018-12483 OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.
network
low complexity
ocsinventory-ng CWE-78
critical
9.0
2018-08-04 CVE-2018-12482 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.
network
low complexity
ocsinventory-ng CWE-89
6.5
2018-06-26 CVE-2018-1000558 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.3.1/2.4
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database.
network
low complexity
ocsinventory-ng CWE-89
4.0
2018-06-26 CVE-2018-1000557 Cross-site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser.
4.3
2014-07-07 CVE-2014-4722 Cross-Site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG
Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2011-10-21 CVE-2011-4024 Cross-Site Scripting vulnerability in Ocsinventory-Ng OCS Inventory NG
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2010-05-06 CVE-2010-1733 SQL Injection vulnerability in Ocsinventory-Ng OCS Inventory NG 1.0/1.01/1.02
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php.
6.8