21 matches found
CVE-2018-25192
GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...
Linux Distros Unpatched Vulnerability : CVE-2025-25192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information...
FreeBSD : glpi-project -- GLPI multiple vulnerabilities (c36decbe-3c84-11f0-8d29-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c36decbe-3c84-11f0-8d29-b42e991fc52e advisory. [email protected] reports: CVE-2024-11955: A vulnerability was found in GLPI up t...
CVE-2022-25192
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2025-25192
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2025-25192
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-25 18:22:35+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5341 |
| 2025-02-25 21:33:59+00:00 | seen | https://t.me/cvedetector/18906 |

...
CVE-2025-25192
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2025-25192
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2025-25192
GLPI prior to 10.0.18 is affected by CVE-2025-25192 where a low-privileged user can enable debug mode and access sensitive information. A patch is included in version 10.0.18; organizations should upgrade to 10.0.18 or later. A workaround mentioned is deleting install/update.php. The vulnerabilit...
CVE-2025-25192 GLPI allows unauthorized access to debug mode
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00...
CVE-2023-25192
AMI MegaRAC SPX devices are affected by CVE-2023-25192, which enables user enumeration via Redfish. The vulnerability affects SPX family firmware where the issue exists prior to the fixed SPx12-update-7.00 and SPx13-update-5.00 releases. According to Red Hat, NVD, CVE databases, and related advis...
CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00...
CVE-2023-25192
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00...
CVE-2022-25192
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25192
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25192
CVE-2022-25192 concerns Jenkins Snow Commander Plugin. Affected versions: 1.10 and earlier (and references to 2.0 in the same advisory family). Vulnerability class: CSRF and improper permission checks in form validation that enables an attacker with certain Jenkins permissions to cause the plugin...
CVE-2022-25192
A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Commander Plugin 1.10 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2020-25192
| creationtimestamp | type | source |
|---|---|---|
| 2020-12-23 19:25:18+00:00 | seen | https://t.me/cibsecurity/21222 |

...
CVE-2019-25192
The CVE-2019-25192 entry is rejected/not used, as explicitly stated.