
2698 matches found

exploitpack
added 2015/10/06 12:0 a.m., 30 views

GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution

GLPI 0.85.5 - Arbitrary File Upload Filter Bypass Remote Code Execution Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link:...

Exploits: 0

Exploit DB
added 2015/10/06 12:0 a.m., 36 views

GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution

Exploit Title: GLPI 0.85.5 RCE through file upload filter bypass Date: September 7th, 2015 Exploit Author: Raffaele Forte Vendor Homepage: http://www.glpi-project.org/ Software Link: https://forge.glpi-project.org/attachments/download/2093/glpi-0.85.5.tar.gz Version: GLPI 0.85.5 Tested on: CentOS...

AI score 7.4
Exploits: 0

NVD
added 2015/10/05 2:59 p.m., 17 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php...

CVSS 4, AI score 6.2, EPSS 0.01674
Exploits: 0, References: 3

NVD
added 2015/10/05 2:59 p.m., 20 views

CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/...

CVSS 9, AI score 7.3, EPSS 0.04137
Exploits: 0, References: 3

UbuntuCve
added 2015/10/05 2:59 p.m., 35 views

CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/...

CVSS 9, AI score 6.2, EPSS 0.04137
Exploits: 0, References: 4

UbuntuCve
added 2015/10/05 2:59 p.m., 27 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php...

CVSS 4, AI score 5.9, EPSS 0.01674
Exploits: 0, References: 4

Prion
added 2015/10/05 2:59 p.m., 22 views

Unrestricted file upload

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/...

CVSS 9, AI score 7.8, EPSS 0.04137
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2015/10/05 2:59 p.m., 17 views

Code injection

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php...

CVSS 4, AI score 6.8, EPSS 0.01674
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2015/10/05 2:59 p.m., 4 views

UBUNTU-CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php...

CVSS 4, AI score 5.8, EPSS 0.01674
Exploits: 0, References: 5

OSV
added 2015/10/05 2:59 p.m., 5 views

UBUNTU-CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/...

CVSS 9, AI score 6.1, EPSS 0.04137
Exploits: 0, References: 5

CVE
added 2015/10/05 2:0 p.m., 54 views

CVE-2015-7684

GLPI before 0.85.3 is vulnerable to an unrestricted file upload: remote authenticated users can attach an executable file to a ticket and access it via files/_tmp/ to execute arbitrary code. Root cause is improper handling of uploaded attachments allowing direct file access. No patch/version deta...

CVSS 9, AI score 7.6, EPSS 0.04137
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/10/05 2:0 p.m., 24 views

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php...

AI score 6.2, EPSS 0.01674
Exploits: 0, References: 3

CVE
added 2015/10/05 2:0 p.m., 47 views

CVE-2015-7685

CVE-2015-7685 affects GLPI before 0.85.3. A remote authenticated user can escalate privileges by abusing the create user path and the _profiles_id parameter in front/user.form.php to create a super-admin account. The root cause is improper handling of permissions when creating users via that form...

CVSS 4, AI score 6.4, EPSS 0.01674
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2015/10/05 2:0 p.m., 29 views

CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessing it via a direct request to the file in files/_tmp/...

AI score 7.3, EPSS 0.04137
Exploits: 0, References: 3

OpenVAS
added 2015/07/07 12:0 a.m., 8 views

Fedora Update for glpi FEDORA-2015-4690

The remote host is missing an update for the...

AI score 7.5
Exploits: 0, References: 2

securityvulns
added 2015/05/12 12:0 a.m., 71 views

[ MDVSA-2015:167 ] glpi

Mandriva Linux Security Advisory MDVSA-2015:167 http://www.mandriva.com/en/support/security/ Package: glpi Date: March 30, 2015 Affected: Business Server 2.0 Problem Description: Updated glpi package fixes security vulnerabilities: Due to a bug in...

CVSS 7.5, AI score 7.1, EPSS 0.03167
Exploits: 4

Mageia
added 2015/05/11 8:10 p.m., 14 views

Updated glpi packages fix a security vulnerability

Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...

AI score 1.3
Exploits: 0, References: 3

OSV
added 2015/05/11 8:10 p.m., 4 views

MGASA-2015-0204 Updated glpi packages fix a security vulnerability

Updated glpi package fixes security vulnerability: Any user who has the rights to create a new user can create a super-admin user...

AI score 7.1
Exploits: 0, References: 4

CNVD
added 2015/04/16 12:0 a.m., 4 views

GLPI Directory Traversal Vulnerability

GLPI is an open source IT asset management software. A directory traversal vulnerability exists in versions of GLPI prior to 0.84.8. This allows remote attackers to execute arbitrary local files via the getItemForItemtype parameter...

CVSS 7.5, AI score 7.3, EPSS 0.02845
Exploits: 0, References: 1

NVD
added 2015/04/14 6:59 p.m., 22 views

CVE-2014-8360

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php...

CVSS 7.5, AI score 7, EPSS 0.02845
Exploits: 0, References: 5