Page 3 of 19 results (0.004 seconds)

CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0

Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inyección SQL en OCS Inventory NG anterior v1.02.3 permite a atacantes remotos ejecutar comandos SQL de su elección a través de (1) múltiples campos inventariados en el formulario search, alcanzables por index.php; (2) el campo "Software name" en "All softwares" del formulario search, alcanzable por index.php. NOTa: el origen de esta informaciÓn es desconocido, los detalles se han obtenido de terceras partes solamente. • http://osvdb.org/61942 http://secunia.com/advisories/38311 http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55873 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter. Múltiples vulnerabilidades de inyección SQL en ocsreports/index.php en OCS Inventory NG v1.02.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) c, (2) val_1, o (3) onglet_bis. • http://osvdb.org/61942 http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt http://secunia.com/advisories/38311 http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55872 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en ocsreports/index.php en OCS Inventory NG v1.02.1 permite a atacantes remotos inyectar código web o HTML de su elección a través de la cadena de la pregunta (2) el parámetro BASE, o (3) el parámetro ega_1 parameter. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • http://osvdb.org/61943 http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt http://secunia.com/advisories/38311 http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55874 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. Vulnerabilidad de inyección SQL en machine.php en Open Computer and Software (OCS) Inventory NG v1.02.1 permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro systemid, un vector diferente que CVE-2009-3040. • https://www.exploit-db.com/exploits/9416 http://seclists.org/fulldisclosure/2009/Aug/0143.html http://secunia.com/advisories/35311 http://www.exploit-db.com/exploits/9416 http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=147&cntnt01returnid=15 http://www.securityfocus.com/archive/1/505675/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. Múltiples vulnerabilidades de inyección SQL en Open Computer and Software (OCS) Inventory NG v1.02 para Unix permite a atacantes remotos ejecutar comandos SQL a su elección a través de los parámetros (1) N, (2) DL, (3) O y(4) V en download.php y el parámetro (5) SYSTEMID en group_show.php. • https://www.exploit-db.com/exploits/8836 http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=140&cntnt01returnid=72 http://www.securityfocus.com/archive/1/503936/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •