2698 matches found
GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link:...
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link: https://forge.glpi-project.org/attachments/download/2093/glpi-0.85.5.tar.gz Version: GLPI 0.85.5 Tested on: CentOS...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
Unrestricted file upload
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
Code injection
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
UBUNTU-CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
UBUNTU-CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
CVE-2015-7684
GLPI before 0.85.3 is vulnerable to an unrestricted file upload: remote authenticated users can attach an executable file to a ticket and access it via files/_tmp/ to execute arbitrary code. Root cause is improper handling of uploaded attachments allowing direct file access. No patch/version deta...
CVE-2015-7685
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the profilesid parameter to front/user.form.php...
CVE-2015-7685
CVE-2015-7685 affects GLPI before 0.85.3. A remote authenticated user can escalate privileges by abusing the create user path and the _profiles_id parameter in front/user.form.php to create a super-admin account. The root cause is improper handling of permissions when creating users via that form...
CVE-2015-7684
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/tmp/...
Fedora Update for glpi FEDORA-2015-4690
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ MDVSA-2015:167 ] glpi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:167 http://www.mandriva.com/en/support/security/ Package : glpi Date : March 30, 2015 Affected: Business Server 2.0 Problem Description: Updated glpi package fixes security vulnerabilities: Due to a bug in...
Updated glpi packages fix a security vulnerability
Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...
MGASA-2015-0204 Updated glpi packages fix a security vulnerability
Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...
GLPI Directory Traversal Vulnerability
GLPI is an open source IT asset management software. A directory traversal vulnerability exists in versions of GLPI prior to 0.84.8. This allows remote attackers to execute arbitrary local files via the getItemForItemtype parameter...
CVE-2014-8360
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .. dot dot underscore in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php...