Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ocsinventory-ng ocs inventory ng vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-14857
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server up to and including 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file ex...
Ocsinventory-ng Ocs Inventory Server
6.5
CVSSv2
CVE-2018-15537
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Ocsinventory-ng Ocsinventory Ng -
4
CVSSv2
CVE-2018-1000558
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sen...
Ocsinventory-ng Ocsinventory Ng 2.4
Ocsinventory-ng Ocsinventory Ng 2.3.1
4.3
CVSSv2
CVE-2014-4722
Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ocsinventory-ng Ocsinventory Ng -
4.3
CVSSv2
CVE-2018-1000557
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be ...
Ocsinventory-ng Ocsinventory Ng 2.4
6.5
CVSSv2
CVE-2018-12482
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
Ocsinventory-ng Ocsinventory Ng 2.4.1
6.4
CVSSv2
CVE-2018-14473
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
Ocsinventory-ng Ocsinventory Ng 2.4.1
9
CVSSv2
CVE-2018-12483
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to expl...
Ocsinventory-ng Ocsinventory Ng 2.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2