Vulnerabilites related to ocsinventory-ng - ocs_inventory_ng
cve-2009-3040
Vulnerability from cvelistv5
Published
2009-09-01 18:04
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml | x_refsource_MISC | |
| http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=140&cntnt01returnid=72 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/503936/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=140\u0026cntnt01returnid=72"
},
{
"name": "20090530 OCS Inventory NG 1.02 - Multiple SQL Injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=140\u0026cntnt01returnid=72"
},
{
"name": "20090530 OCS Inventory NG 1.02 - Multiple SQL Injections",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml",
"refsource": "MISC",
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml"
},
{
"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=140\u0026cntnt01returnid=72",
"refsource": "CONFIRM",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=140\u0026cntnt01returnid=72"
},
{
"name": "20090530 OCS Inventory NG 1.02 - Multiple SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3040",
"datePublished": "2009-09-01T18:04:00",
"dateReserved": "2009-09-01T00:00:00",
"dateUpdated": "2024-08-07T06:14:55.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1595
Vulnerability from cvelistv5
Published
2010-04-28 23:00
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38311 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55872 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt | x_refsource_MISC | |
| http://osvdb.org/61942 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-sql-injection(55872)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"name": "61942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-sql-injection(55872)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"name": "61942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-sql-injection(55872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"name": "61942",
"refsource": "OSVDB",
"url": "http://osvdb.org/61942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1595",
"datePublished": "2010-04-28T23:00:00",
"dateReserved": "2010-04-28T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0667
Vulnerability from cvelistv5
Published
2009-07-09 17:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1809 | vdb-entry, x_refsource_VUPEN | |
| http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz | x_refsource_CONFIRM | |
| http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=144 | x_refsource_CONFIRM | |
| http://osvdb.org/55718 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/35593 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/35768 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2009/dsa-1828 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/35727 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz"
},
{
"name": "ADV-2009-1809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=144"
},
{
"name": "55718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55718"
},
{
"name": "35593",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35593"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416"
},
{
"name": "35768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35768"
},
{
"name": "DSA-1828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1828"
},
{
"name": "35727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35727"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-07-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz"
},
{
"name": "ADV-2009-1809",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=144"
},
{
"name": "55718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55718"
},
{
"name": "35593",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35593"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416"
},
{
"name": "35768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35768"
},
{
"name": "DSA-1828",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1828"
},
{
"name": "35727",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35727"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz",
"refsource": "CONFIRM",
"url": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz"
},
{
"name": "ADV-2009-1809",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1809"
},
{
"name": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz"
},
{
"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=144",
"refsource": "CONFIRM",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=144"
},
{
"name": "55718",
"refsource": "OSVDB",
"url": "http://osvdb.org/55718"
},
{
"name": "35593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35593"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416"
},
{
"name": "35768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35768"
},
{
"name": "DSA-1828",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1828"
},
{
"name": "35727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35727"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0667",
"datePublished": "2009-07-09T17:00:00",
"dateReserved": "2009-02-22T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2166
Vulnerability from cvelistv5
Published
2009-06-22 20:00
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/8868 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/archive/1/504047/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50946 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8868",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8868"
},
{
"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"name": "ocsinventory-cvs-info-disclosure(50946)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8868",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8868"
},
{
"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"name": "ocsinventory-cvs-info-disclosure(50946)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8868",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8868"
},
{
"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml",
"refsource": "MISC",
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"name": "ocsinventory-cvs-info-disclosure(50946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2166",
"datePublished": "2009-06-22T20:00:00",
"dateReserved": "2009-06-22T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1733
Vulnerability from cvelistv5
Published
2010-05-05 18:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38311 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55873 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/61942 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-searchform-sql-injection(55873)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873"
},
{
"name": "61942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the \"Software name\" field to the \"All softwares\" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-searchform-sql-injection(55873)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873"
},
{
"name": "61942",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61942"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the \"Software name\" field to the \"All softwares\" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-searchform-sql-injection(55873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873"
},
{
"name": "61942",
"refsource": "OSVDB",
"url": "http://osvdb.org/61942"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1733",
"datePublished": "2010-05-05T18:00:00",
"dateReserved": "2010-05-05T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4024
Vulnerability from cvelistv5
Published
2011-10-21 18:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/70406 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/8477 | third-party-advisory, x_refsource_SREASON | |
| http://osvdb.org/76135 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/50011 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:053 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/46311 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/18005 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ocsinventoryng-unspecified-xss(70406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"
},
{
"name": "8477",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8477"
},
{
"name": "76135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76135"
},
{
"name": "50011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/50011"
},
{
"name": "MDVSA-2012:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"
},
{
"name": "46311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46311"
},
{
"name": "18005",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ocsinventoryng-unspecified-xss(70406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"
},
{
"name": "8477",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8477"
},
{
"name": "76135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76135"
},
{
"name": "50011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/50011"
},
{
"name": "MDVSA-2012:053",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"
},
{
"name": "46311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46311"
},
{
"name": "18005",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ocsinventoryng-unspecified-xss(70406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"
},
{
"name": "8477",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8477"
},
{
"name": "76135",
"refsource": "OSVDB",
"url": "http://osvdb.org/76135"
},
{
"name": "50011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50011"
},
{
"name": "MDVSA-2012:053",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"
},
{
"name": "46311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46311"
},
{
"name": "18005",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18005"
},
{
"name": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html",
"refsource": "CONFIRM",
"url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4024",
"datePublished": "2011-10-21T18:00:00",
"dateReserved": "2011-10-06T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1769
Vulnerability from cvelistv5
Published
2009-05-22 18:00
Modified
2024-08-07 05:27
Severity ?
EPSS score ?
Summary
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69 | x_refsource_MISC | |
| http://secunia.com/advisories/35157 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/35313 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/35023 | vdb-entry, x_refsource_BID | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344 | x_refsource_CONFIRM | |
| https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html | vendor-advisory, x_refsource_FEDORA | |
| https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html | vendor-advisory, x_refsource_FEDORA | |
| https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=69"
},
{
"name": "35157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35157"
},
{
"name": "35313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35313"
},
{
"name": "35023",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"
},
{
"name": "FEDORA-2009-5773",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"
},
{
"name": "FEDORA-2009-5769",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"
},
{
"name": "FEDORA-2009-5764",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-06T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=69"
},
{
"name": "35157",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35157"
},
{
"name": "35313",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35313"
},
{
"name": "35023",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"
},
{
"name": "FEDORA-2009-5773",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"
},
{
"name": "FEDORA-2009-5769",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"
},
{
"name": "FEDORA-2009-5764",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=133\u0026cntnt01returnid=69",
"refsource": "MISC",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=133\u0026cntnt01returnid=69"
},
{
"name": "35157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35157"
},
{
"name": "35313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35313"
},
{
"name": "35023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35023"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"
},
{
"name": "FEDORA-2009-5773",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"
},
{
"name": "FEDORA-2009-5769",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"
},
{
"name": "FEDORA-2009-5764",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1769",
"datePublished": "2009-05-22T18:00:00",
"dateReserved": "2009-05-22T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1443
Vulnerability from cvelistv5
Published
2009-04-27 19:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/1152 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/34763 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/34694 | vdb-entry, x_refsource_BID | |
| http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=51 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-1152",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1152"
},
{
"name": "34763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34763"
},
{
"name": "34694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=51"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-27T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-1152",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1152"
},
{
"name": "34763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34763"
},
{
"name": "34694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=51"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1152"
},
{
"name": "34763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34763"
},
{
"name": "34694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34694"
},
{
"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=133\u0026cntnt01returnid=51",
"refsource": "CONFIRM",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=133\u0026cntnt01returnid=51"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1443",
"datePublished": "2009-04-27T19:00:00Z",
"dateReserved": "2009-04-27T00:00:00Z",
"dateUpdated": "2024-09-16T17:28:32.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1594
Vulnerability from cvelistv5
Published
2010-04-28 23:00
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/61943 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/38311 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 | vendor-advisory, x_refsource_MANDRIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55874 | vdb-entry, x_refsource_XF | |
| http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61943",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61943"
},
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-xss(55874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "61943",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61943"
},
{
"name": "38311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-xss(55874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61943",
"refsource": "OSVDB",
"url": "http://osvdb.org/61943"
},
{
"name": "38311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38311"
},
{
"name": "MDVSA-2010:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"name": "ocsinventoryng-index-xss(55874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"
},
{
"name": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1594",
"datePublished": "2010-04-28T23:00:00",
"dateReserved": "2010-04-28T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3042
Vulnerability from cvelistv5
Published
2009-09-01 18:04
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/9416 | exploit, x_refsource_EXPLOIT-DB | |
| http://seclists.org/fulldisclosure/2009/Aug/0143.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/archive/1/505675/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=147&cntnt01returnid=15 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/35311 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9416",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9416"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/Aug/0143.html"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505675/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=147\u0026cntnt01returnid=15"
},
{
"name": "35311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35311"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9416",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9416"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/Aug/0143.html"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505675/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=147\u0026cntnt01returnid=15"
},
{
"name": "35311",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35311"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9416",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9416"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Aug/0143.html"
},
{
"name": "20090811 Sql injection in OCS Inventory NG Server 1.2.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505675/100/0/threaded"
},
{
"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=147\u0026cntnt01returnid=15",
"refsource": "CONFIRM",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0\u0026cntnt01articleid=147\u0026cntnt01returnid=15"
},
{
"name": "35311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35311"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3042",
"datePublished": "2009-09-01T18:04:00",
"dateReserved": "2009-09-01T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-09-01 18:30
Modified
2024-11-21 01:06
Severity ?
Summary
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:*:unix:*:*:*:*:*",
"matchCriteriaId": "1C4201BC-7C0A-4B66-9ECD-A395A5012AC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Open Computer and Software (OCS) Inventory NG v1.02 para Unix permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) N, (2) DL, (3) O y(4) V en download.php y el par\u00e1metro (5) SYSTEMID en group_show.php."
}
],
"id": "CVE-2009-3040",
"lastModified": "2024-11-21T01:06:22.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-01T18:30:03.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=140\u0026cntnt01returnid=72"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=140\u0026cntnt01returnid=72"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503936/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-28 23:30
Modified
2024-11-21 01:14
Severity ?
Summary
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.02.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7B35C5-6165-4377-ABC8-3474905F325F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ocsreports/index.php en OCS Inventory NG v1.02.1 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) c, (2) val_1, o (3) onglet_bis."
}
],
"id": "CVE-2010-1595",
"lastModified": "2024-11-21T01:14:45.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-28T23:30:00.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61942"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55872"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-22 18:30
Modified
2024-11-21 01:03
Severity ?
Summary
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.01 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."
},
{
"lang": "es",
"value": "La interfaz web en Open Computer and Software Inventory Next Generation (OCS Inventory NG) versi\u00f3n 1.01 genera diferentes mensajes de error dependiendo de si un nombre de usuario es v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuarios v\u00e1lidos."
}
],
"id": "CVE-2009-1769",
"lastModified": "2024-11-21T01:03:18.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-05-22T18:30:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35157"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35313"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=69"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35023"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-10-21 18:55
Modified
2024-11-21 01:31
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | * | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.01 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1905340-2865-45C9-862A-A612F11C2DE8",
"versionEndIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*",
"matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49644A-ECAA-4B72-9179-464C98B0C2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D26134-3129-432B-AA9E-5062E2792F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A113F25A-CC82-428A-AA56-16BBA3D3C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C0FCAE6C-0F9F-4B8A-97B4-2EF4ED76C5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7B35C5-6165-4377-ABC8-3474905F325F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ocsinventory in OCS Inventory NG v2.0.1 y anteriores permite a atacantes remotos inyectar script de su elecci\u00f3n o HTML a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2011-4024",
"lastModified": "2024-11-21T01:31:42.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-10-21T18:55:01.023",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/76135"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46311"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8477"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18005"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/50011"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/76135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.ocsinventory-ng.org/fr/accueil/nouvelles/version-2-0-2-stable.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/50011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-09 17:30
Modified
2024-11-21 01:00
Severity ?
Summary
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocsinventory-agent | * | |
| ocsinventory-ng | ocsinventory-agent | 0.05 | |
| ocsinventory-ng | ocsinventory-agent | 0.08 | |
| ocsinventory-ng | ocsinventory-agent | 0.09 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*",
"matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE80E70E-7BF9-4F74-8B28-130F3B4F2CFF",
"versionEndIncluding": "0.0.9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "8EAE7F8C-F2D3-4FE7-8331-C73CD0A65954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.08:*:*:*:*:*:*:*",
"matchCriteriaId": "50959273-4987-402E-B2D6-77D6FD017E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocsinventory-agent:0.09:*:*:*:*:*:*:*",
"matchCriteriaId": "41F504A6-777B-41D0-99C0-FAD3EDD18DAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Agent/Backend.pm en Ocsinventory-Agent anterior a v0.0.9.3, y v1.x anterior a v1.0.1, en OCS Inventory, permite a usuarios locales obtener privilegios a trav\u00e9s de un m\u00f3dulo de pearl que es un troyano en cualquier directorio."
}
],
"id": "CVE-2009-0667",
"lastModified": "2024-11-21T01:00:38.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-09T17:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55718"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35727"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35768"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1828"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=144"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35593"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://nana.rulezlan.org/~goneri/ocsinventory-agent/Ocsinventory-Agent-0.0.9.3.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1809"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-06 12:47
Modified
2024-11-21 01:15
Severity ?
Summary
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | * | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.01 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92DB2ED9-8024-4EC1-8595-D47DF8219D62",
"versionEndIncluding": "1.02.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*",
"matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49644A-ECAA-4B72-9179-464C98B0C2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:*:unix:*:*:*:*:*",
"matchCriteriaId": "1C4201BC-7C0A-4B66-9ECD-A395A5012AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D26134-3129-432B-AA9E-5062E2792F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A113F25A-CC82-428A-AA56-16BBA3D3C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C0FCAE6C-0F9F-4B8A-97B4-2EF4ED76C5FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the \"Software name\" field to the \"All softwares\" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en OCS Inventory NG anterior v1.02.3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) m\u00faltiples campos inventariados en el formulario search, alcanzables por index.php; (2) el campo \"Software name\" en \"All softwares\" del formulario search, alcanzable por index.php. NOTa: el origen de esta informaci\u00d3n es desconocido, los detalles se han obtenido de terceras partes solamente."
}
],
"id": "CVE-2010-1733",
"lastModified": "2024-11-21T01:15:05.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-06T12:47:23.800",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61942"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55873"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-01 18:30
Modified
2024-11-21 01:06
Severity ?
Summary
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.02.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7B35C5-6165-4377-ABC8-3474905F325F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en machine.php en Open Computer and Software (OCS) Inventory NG v1.02.1 permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s del par\u00e1metro systemid, un vector diferente que CVE-2009-3040."
}
],
"id": "CVE-2009-3042",
"lastModified": "2024-11-21T01:06:22.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-01T18:30:04.967",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2009/Aug/0143.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35311"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9416"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=147\u0026cntnt01returnid=15"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/505675/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2009/Aug/0143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=147\u0026cntnt01returnid=15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/505675/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-28 23:30
Modified
2024-11-21 01:14
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 1.02.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7B35C5-6165-4377-ABC8-3474905F325F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ocsreports/index.php en OCS Inventory NG v1.02.1 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de la cadena de la pregunta (2) el par\u00e1metro BASE, o (3) el par\u00e1metro ega_1 parameter. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2010-1594",
"lastModified": "2024-11-21T01:14:45.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-28T23:30:00.637",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61943"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55874"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-27 19:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | * | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "348E1D9C-D9E9-4258-A5FB-7B4D11A949EF",
"versionEndIncluding": "1.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*",
"matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el componente de servidor de OCS Inventory NG antes de v1.02 tienen un impacto y unos vectores de ataque desconocidos."
}
],
"id": "CVE-2009-1443",
"lastModified": "2024-11-21T01:02:28.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-27T19:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34763"
},
{
"source": "cve@mitre.org",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=51"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34694"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0\u0026cntnt01articleid=133\u0026cntnt01returnid=51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-22 20:30
Modified
2024-11-21 01:04
Severity ?
Summary
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | * | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.0 | |
| ocsinventory-ng | ocs_inventory_ng | 1.01 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| ocsinventory-ng | ocs_inventory_ng | 1.02 | |
| unix | unix | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C51BBFA-8405-4499-A743-8458318281F2",
"versionEndIncluding": "1.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C9D8DD-6505-4903-9181-26223DA65DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "CCBDA19C-8B65-4D0D-80B6-3C1E76C5BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3E915093-BDDA-4A75-A0D0-819246D94249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5CDE845A-A67A-4DCC-BC61-FC64C6943C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B363C2E6-FAB1-4CED-9C0D-3797AEC814E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1:*:*:*:*:*:*",
"matchCriteriaId": "F8B28BF3-C16C-458A-BC9B-23631D2B7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1:*:*:*:*:*:*",
"matchCriteriaId": "73D26134-3129-432B-AA9E-5062E2792F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A113F25A-CC82-428A-AA56-16BBA3D3C736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C0FCAE6C-0F9F-4B8A-97B4-2EF4ED76C5FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio absoluto en cvs.php en OCS Inventory NG versiones anteriores a v1.02.1 para Unix permite a atacantes remotos leer ficheros de su elecci\u00f3n indicando la ruta de directorio completa en el par\u00e1metro \"log\"."
}
],
"id": "CVE-2009-2166",
"lastModified": "2024-11-21T01:04:16.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-22T20:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8868"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}