2698 matches found
CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
CVE-2024-28240
GLPI-Agent (Windows MSI install) is affected by CVE-2024-28240. A local user can cause denial of service by replacing the GLPI server URL or disabling the agent service, and if the Deploy task is installed, can trigger privilege escalation by configuring a malicious server with its own deploy tas...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
GLPI 安全漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...
PT-2024-4812 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: GLPI-Agent versions prior to 1.7.2 Description: A vulnerability in the GLPI-Agent, specifically affecting installations on Windows via MSI packaging, allows a local user to cause a denial of service by replacing the GLPI server URL with an...
GLPI 安全漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...
PT-2024-22356 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...
Exploit for Injection in Glpi-Project Glpi
It is an offensive tool for GLPI, a proof-of-concept exploit for...
Exploit for Injection in Glpi-Project Glpi
It is an offensive tool for GLPI. This repository contains a pro...
FreeBSD : GLPI -- multiple vulnerabilities (faccf131-00d9-11ef-92b7-589cfc023192)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the faccf131-00d9-11ef-92b7-589cfc023192 advisory. - GLPI is a Free Asset and IT Management Software package. When authentication is made against...
FreeBSD : GLPI -- multiple vulnerabilities (ed688880-00c4-11ef-92b7-589cfc023192)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed688880-00c4-11ef-92b7-589cfc023192 advisory. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prio...
FreeBSD : GLPI -- multiple vulnerabilities (bb49f1fa-00da-11ef-92b7-589cfc023192)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bb49f1fa-00da-11ef-92b7-589cfc023192 advisory. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Servic...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.15 Changelog SECURITY - high Authenticated SQL injection from map search CVE-2024-31456 SECURITY - high Account takeover via SQL Injection in saved searches feature CVE-2024-29889...
The vulnerability of software for managing assets and data centers in GLPI lies in the insufficient protection of SQL queries, allowing attackers to execute arbitrary SQL queries.
The vulnerability of software for managing assets and data centers in GLPI is related to the implementation of SQL code through administrative control of information panels. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
ROS-20240328-01
GLPI's asset management and data center management software vulnerability is related to the SQL code injection through administration of dashboards. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to deficiencies in authorization procedures, allows unauthorized users to gain access to protected information.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in authorization procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2024-27914
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...
CVE-2024-27104
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...