2698 matches found

OSV
added 2024/04/25 4:44 p.m. · 35 views

CVE-2024-28241 GLPI-Agent MSI package installation doesn't update folder security profile when using non-default installation folder

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...

CVSS 7.3 · AI score 7.5 · EPSS 0.00217
Exploits: 0 · References: 4

CVE
added 2024/04/25 4:37 p.m. · 73 views

CVE-2024-28240

GLPI-Agent (Windows MSI install) is affected by CVE-2024-28240. A local user can cause denial of service by replacing the GLPI server URL or disabling the agent service, and if the Deploy task is installed, can trigger privilege escalation by configuring a malicious server with its own deploy tas...

CVSS 7.8 · AI score 6.9 · EPSS 0.00224
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/04/25 4:37 p.m. · 43 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on Windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server URL with a wrong URL or disabling the service. Additionally, in the case the Deploy ta...

CVSS 7.3 · AI score 7.4 · EPSS 0.00224
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/25 4:37 p.m. · 22 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on Windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server URL with a wrong URL or disabling the service. Additionally, in the case the Deploy ta...

CVSS 7.3 · AI score 7 · EPSS 0.00224
Exploits: 0 · References: 2

OSV
added 2024/04/25 4:37 p.m. · 38 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on Windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server URL with a wrong URL or disabling the service. Additionally, in the case the Deploy ta...

CVSS 7.3 · AI score 7.4 · EPSS 0.00224
Exploits: 0 · References: 4

CNNVD
added 2024/04/25 12:0 a.m. · 4 views

GLPI security vulnerability

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...

CVSS 7.8 · AI score 6.4 · EPSS 0.00224
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/25 12:0 a.m. · 8 views

PT-2024-4812 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: GLPI-Agent versions prior to 1.7.2 Description: A vulnerability in the GLPI-Agent, specifically affecting installations on Windows via MSI packaging, allows a local user to cause a denial of service by replacing the GLPI server URL with an...

CVSS 7.8 · AI score 7.2 · EPSS 0.00224
Exploits: 0 · References: 8

CNNVD
added 2024/04/25 12:0 a.m. · 5 views

GLPI security vulnerability

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...

CVSS 7.8 · AI score 6.7 · EPSS 0.00217
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/25 12:0 a.m. · 7 views

PT-2024-22356 · Unknown +1 · Glpi Agent +1

Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...

CVSS 7.8 · AI score 7.3 · EPSS 0.00217
Exploits: 0 · References: 8

GithubExploit
added 2024/04/24 6:39 a.m. · 518 views

Exploit for Injection in Glpi-Project Glpi

It is an offensive tool for GLPI, a proof-of-concept exploit for...

CVSS 9.8 · AI score 10 · EPSS 0.99628
Exploits: 13

GithubExploit
added 2024/04/24 6:39 a.m. · 220 views

Exploit for Injection in Glpi-Project Glpi

It is an offensive tool for GLPI. This repository contains a pro...

CVSS 9.8 · AI score 10 · EPSS 0.99628
Exploits: 13

Tenable Nessus
added 2024/04/24 12:0 a.m. · 24 views

FreeBSD : GLPI -- multiple vulnerabilities (faccf131-00d9-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the faccf131-00d9-11ef-92b7-589cfc023192 advisory. - GLPI is a Free Asset and IT Management Software package. When authentication is made against...

CVSS 8.1 · AI score 7 · EPSS 0.00886
Exploits: 0 · References: 4

Tenable Nessus
added 2024/04/24 12:0 a.m. · 25 views

FreeBSD : GLPI -- multiple vulnerabilities (ed688880-00c4-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ed688880-00c4-11ef-92b7-589cfc023192 advisory. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prio...

CVSS 9.8 · AI score 8.9 · EPSS 0.67107
Exploits: 0 · References: 5

Tenable Nessus
added 2024/04/24 12:0 a.m. · 26 views

FreeBSD : GLPI -- multiple vulnerabilities (bb49f1fa-00da-11ef-92b7-589cfc023192)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bb49f1fa-00da-11ef-92b7-589cfc023192 advisory. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Servic...

CVSS 9.6 · AI score 5.9 · EPSS 0.62712
Exploits: 2 · References: 8

FreeBSD
added 2024/04/03 12:0 a.m. · 38 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.15 Changelog SECURITY - high Authenticated SQL injection from map search CVE-2024-31456 SECURITY - high Account takeover via SQL Injection in saved searches feature CVE-2024-29889...

CVSS 8.1 · AI score 9 · EPSS 0.63212
Exploits: 0 · References: 1

BDU FSTEC
added 2024/04/01 12:0 a.m. · 6 views

The vulnerability of software for managing assets and data centers in GLPI lies in the insufficient protection of SQL queries, allowing attackers to execute arbitrary SQL queries.

The vulnerability of software for managing assets and data centers in GLPI is related to the implementation of SQL code through administrative control of information panels. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

CVSS 9.1 · AI score 8.2 · EPSS 0.00576
Exploits: 0 · References: 4 · Affected Software: 2

Redos
added 2024/03/28 12:0 a.m. · 27 views

ROS-20240328-01

GLPI's asset management and data center management software vulnerability is related to the SQL code injection through administration of dashboards. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries...

CVSS 9.1 · AI score 8.5 · EPSS 0.00576
Exploits: 0

BDU FSTEC
added 2024/03/25 12:0 a.m. · 5 views

The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment, related to deficiencies in authorization procedures, allows unauthorized users to gain access to protected information.

The vulnerability of the GLPI system for requests, incidents, and inventory management is related to deficiencies in authorization procedures. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.5 · EPSS 0.01139
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2024/03/18 5:15 p.m. · 19 views

CVE-2024-27914

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if...

CVSS 6.1 · AI score 5.5 · EPSS 0.00815
Exploits: 0 · References: 3

NVD
added 2024/03/18 5:15 p.m. · 19 views

CVE-2024-27104

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject t...

CVSS 4.8 · AI score 4.8 · EPSS 0.00665
Exploits: 0 · References: 3