Skip to main content

Ocsinventory Ng

7 CVEs product

Monthly

CVE-2018-15537 HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2018-14473 CRITICAL POC Act Now

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Ocsinventory Ng
NVD
CVSS 3.0
9.1
EPSS
3.1%
CVE-2018-12483 HIGH POC This Week

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-12482 HIGH POC This Week

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-1000558 MEDIUM POC This Month

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocsinventory Ng
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000557 MEDIUM POC This Month

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ocsinventory Ng
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2014-4722 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ocsinventory Ng
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 5% CVSS 8.8
HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Ocsinventory Ng
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Ocsinventory Ng
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocsinventory Ng
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocsinventory Ng
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ocsinventory Ng
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Ocsinventory Ng
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy