CVE-2009-1769
https://notcve.org/view.php?id=CVE-2009-1769
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames. La interfaz web en Open Computer and Software Inventory Next Generation (OCS Inventory NG) versión 1.01 genera diferentes mensajes de error dependiendo de si un nombre de usuario es válido, lo que permite a los atacantes remotos enumerar nombres de usuarios válidos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344 http://secunia.com/advisories/35157 http://secunia.com/advisories/35313 http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69 http://www.securityfocus.com/bid/35023 https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html https://www.redhat.com/archives/fedora-package-announce/2009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-1443 – OCS Inventory NG Server 1.3.1 - 'LOGIN' Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1443
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en el componente de servidor de OCS Inventory NG antes de v1.02 tienen un impacto y unos vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/12520 http://secunia.com/advisories/34763 http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=51 http://www.securityfocus.com/bid/34694 http://www.vupen.com/english/advisories/2009/1152 •