Lucene search
+L

260 matches found

OSV
OSV
added 2020/10/07 7:15 p.m.4 views

UBUNTU-CVE-2020-15177

In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication i...

8CVSS6.9AI score0.0077EPSS
Exploits0References3
OSV
OSV
added 2020/10/07 7:15 p.m.4 views

UBUNTU-CVE-2020-15175

In GLPI before version 9.5.2, the ​pluginimage.send.php​ endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”...

9.1CVSS7.3AI score0.71352EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/10/07 12:0 a.m.12 views

PT-2020-14249 · Teclib +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue concerns insecure storage of user input into the database as url base and url base api. These settings are used throughout the application, allowing for vulnerabilities such as Cross-Site...

10CVSS6.4AI score0.99628EPSS
Exploits32References126
CNVD
CNVD
added 2020/05/14 12:0 a.m.8 views

Teclib GLPI Trust Management Issues Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. Teclib GLPI is vulnerable to a trust management issue. The vulnerability ste...

7.2CVSS6.9AI score0.01426EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2020/05/12 8:15 p.m.23 views

CVE-2020-11062

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6...

6CVSS6AI score0.00543EPSS
Exploits0References3
OSV
OSV
added 2020/05/12 8:15 p.m.3 views

UBUNTU-CVE-2020-11060

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...

8.8CVSS5.8AI score0.10949EPSS
Exploits7References4
UbuntuCve
UbuntuCve
added 2020/05/12 4:15 p.m.35 views

CVE-2020-5248

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data mu...

7.2CVSS6.1AI score0.01426EPSS
Exploits2References3
CNVD
CNVD
added 2019/07/17 12:0 a.m.5 views

Unspecified Vulnerability in Teclib GLPI

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A security vulnerability exists in Teclib GLPI version 9.3.1. An attacker...

3.5CVSS6.7AI score0.00718EPSS
Exploits0References1
OSV
OSV
added 2019/03/27 5:29 p.m.5 views

UBUNTU-CVE-2019-10231

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword inc/auth.class.php...

9.8CVSS7.3AI score0.02088EPSS
Exploits0References3
CNVD
CNVD
added 2018/03/13 12:0 a.m.7 views

GLPI Remote Code Execution Vulnerability

GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A security vulnerability exists in GLPI 9.2.1 and earlier versions. A...

7.5CVSS7.1AI score0.01721EPSS
Exploits0References1
OSV
OSV
added 2018/03/12 9:29 p.m.6 views

UBUNTU-CVE-2018-7562

A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.ph...

7.5CVSS7.6AI score0.01721EPSS
Exploits0References4
CNVD
CNVD
added 2017/08/01 12:0 a.m.6 views

GLPI front/backup.php file arbitrary file deletion vulnerability

GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A security vulnerability exists in the front/backup.php file in versions...

5.5CVSS7AI score0.01309EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/07/28 5:0 a.m.29 views

CVE-2017-11183

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter...

6.8AI score0.01309EPSS
Exploits0References2
OSV
OSV
added 2017/07/20 4:29 a.m.4 views

CVE-2017-11474

GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computersoftwareversion.class.php, exploitable via ajax/common.tabs.php...

9.8CVSS5.8AI score0.01442EPSS
Exploits0References1
OSV
OSV
added 2017/07/20 4:29 a.m.6 views

CVE-2017-11475

GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php...

8.8CVSS5.8AI score0.0121EPSS
Exploits0References1
OSV
OSV
added 2015/10/05 2:59 p.m.5 views

UBUNTU-CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...

4CVSS5.8AI score0.01674EPSS
Exploits0References5
OSV
OSV
added 2015/10/05 2:59 p.m.6 views

UBUNTU-CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...

9CVSS6.1AI score0.04137EPSS
Exploits0References5
CNVD
CNVD
added 2015/04/16 12:0 a.m.33 views

GLPI Directory Traversal Vulnerability

GLPI is an open source IT asset management software. A directory traversal vulnerability exists in versions of GLPI prior to 0.84.8. This allows remote attackers to execute arbitrary local files via the getItemForItemtype parameter...

7.5CVSS7.3AI score0.02845EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2015/04/14 6:59 p.m.5 views

CVE-2014-8360

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .. dot dot underscore in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php...

7.5CVSS6AI score0.02845EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2013/12/29 12:0 a.m.51 views

GLPI install.php Remote Command Execution (CVE-2013-5696)

A command execution vulnerability has been reported in GLPI...

6.6AI score0.07855EPSS
Exploits11
Rows per page
Query Builder