CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Jan 2024 — OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting. • https://fluidattacks.com/advisories/creed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

14 Nov 2018 — Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. • https://packetstorm.news/files/id/150330 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 • EPSS: 6% • CPEs: 1 • EXPL: 1

06 Aug 2018 — Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. • https://packetstorm.news/files/id/148827 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 2% • CPEs: 1 • EXPL: 1

03 Aug 2018 — OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. • https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

03 Aug 2018 — OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. • https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 2% • CPEs: 1 • EXPL: 1

03 Aug 2018 — OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. • https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Jun 2018 — OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in the login form and search functionality that can result in an attacker being able to execute arbitrary JavaScript code within a victim's browser. This attack appears to be exploitable when a victim opens a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1. • https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

26 Jun 2018 — OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL Injection vulnerability in web search that can result in an authenticated attacker being able to gain full access to data stored within the database. This attack appears to be exploitable by sending crafted requests to gain database access. This vulnerability appears to have been fixed in 2.4.1. • https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://packetstormsecurity.com/files/127295/OCS-Inventory-NG-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 18% • CPEs: 13 • EXPL: 2

21 Oct 2011 — Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://www.exploit-db.com/exploits/18005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')