Vulnerabilities > Ocsinventory NG > Ocsinventory NG

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-15537 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
network
low complexity
ocsinventory-ng CWE-434
6.5
6.5
2018-08-04 CVE-2018-14473 XXE vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.
network
low complexity
ocsinventory-ng CWE-611
6.4
6.4
2018-08-04 CVE-2018-12483 OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.
network
low complexity
ocsinventory-ng CWE-78
critical
 9.0
9.0
2018-08-04 CVE-2018-12482 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.
network
low complexity
ocsinventory-ng CWE-89
6.5
6.5
2018-06-26 CVE-2018-1000558 SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.3.1/2.4
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database.
network
low complexity
ocsinventory-ng CWE-89
4.0
4.0
2018-06-26 CVE-2018-1000557 Cross-site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. 		4.3
4.3
2014-07-07 CVE-2014-4722 Cross-Site Scripting vulnerability in Ocsinventory-Ng Ocsinventory NG
Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 		4.3
4.3