2698 matches found

0day.today
added 2015/02/18 12:0 a.m. | 44 views

GLPI 0.85.2 Shell Upload / Privilege Escalation Vulnerabilities

GLPI versions 0.85 through 0.85.2 suffer from remote shell upload and privilege escalation vulnerabilities. Multiple vulnerabilities have been identified in GLPI http://www.glpi-project.org. 1/ Arbitrary file upload Severity: Important Versions Affected =========== All versions between 0.85 and...

7.6 AI score
Exploits 0
Packet Storm
added 2015/02/18 12:0 a.m. | 54 views

GLPI 0.85.2 Shell Upload / Privilege Escalation

Multiple vulnerabilities have been identified in GLPI http://www.glpi-project.org. 1/ Arbitrary file upload Severity: Important Versions Affected =========== All versions between 0.85 and 0.85.2 Description ======= When an user wants to create a new ticket, he has the possibility to add an...

0.7 AI score
Exploits 0
OSV
added 2015/01/09 4:44 p.m. | 13 views

MGASA-2015-0017 Updated glpi package fixes security vulnerabilities

Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included ...

7.5 CVSS | 7.3 AI score | 0.03167 EPSS
Exploits 4 | References 7
Mageia
added 2015/01/09 4:44 p.m. | 49 views

Updated glpi package fixes security vulnerabilities

Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria CVE-2014-5032. An issue in GLPI before 0.84.8 may allow arbitrary local files to be included ...

7.5 CVSS | 7.5 AI score | 0.03167 EPSS
Exploits 4 | References 6
OpenVAS
added 2015/01/05 12:0 a.m. | 34 views

Fedora Update for glpi FEDORA-2014-17508

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.5 AI score | 0.03167 EPSS
Exploits 4 | References 2
OpenVAS
added 2015/01/05 12:0 a.m. | 30 views

Fedora Update for glpi FEDORA-2014-17520

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.5 AI score | 0.03167 EPSS
Exploits 4 | References 2
OpenVAS
added 2015/01/05 12:0 a.m. | 32 views

Fedora Update for glpi FEDORA-2014-17497

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.5 AI score | 0.03167 EPSS
Exploits 4 | References 2
Tenable Nessus
added 2015/01/02 12:0 a.m. | 38 views

Fedora 19 : glpi-0.83.9.1-5.fc19 (2014-17508)

fix SQL injection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

6.5 CVSS | 5.6 AI score | 0.03167 EPSS
Exploits 4 | References 3
Tenable Nessus
added 2015/01/02 12:0 a.m. | 34 views

Fedora 20 : glpi-0.84.8-3.fc20 (2014-17520)

fix SQL injection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

6.5 CVSS | 5.6 AI score | 0.03167 EPSS
Exploits 4 | References 3
Tenable Nessus
added 2015/01/02 12:0 a.m. | 47 views

Fedora 21 : glpi-0.84.8-3.fc21 (2014-17497)

fix SQL injection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...

6.5 CVSS | 5.6 AI score | 0.03167 EPSS
Exploits 4 | References 3
Fedora
added 2015/01/01 8:58 a.m. | 36 views

[SECURITY] Fedora 19 Update: glpi-0.83.9.1-5.fc19

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

6.5 CVSS | 3 AI score | 0.03167 EPSS
Exploits 4
Fedora
added 2015/01/01 8:56 a.m. | 30 views

[SECURITY] Fedora 21 Update: glpi-0.84.8-3.fc21

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

6.5 CVSS | 3 AI score | 0.03167 EPSS
Exploits 4
Fedora
added 2015/01/01 8:54 a.m. | 83 views

[SECURITY] Fedora 20 Update: glpi-0.84.8-3.fc20

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

6.5 CVSS | 3 AI score | 0.03167 EPSS
Exploits 4
NVD
added 2014/12/19 3:59 p.m. | 12 views

CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter...

6.5 CVSS | 7.7 AI score | 0.03167 EPSS
Exploits 4 | References 10
OSV
added 2014/12/19 3:59 p.m. | 3 views

UBUNTU-CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter...

6.5 CVSS | 6.2 AI score | 0.03167 EPSS
Exploits 4 | References 7
UbuntuCve
added 2014/12/19 3:59 p.m. | 21 views

CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter...

6.5 CVSS | 6.2 AI score | 0.03167 EPSS
Exploits 4 | References 6
Prion
added 2014/12/19 3:59 p.m. | 19 views

Sql injection

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter...

6.5 CVSS | 8.4 AI score | 0.03167 EPSS
Exploits 4 | References 10 | Affected Software 1
Cvelist
added 2014/12/19 3:0 p.m. | 45 views

CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter...

7.6 AI score | 0.03167 EPSS
Exploits 4 | References 10
CVE
added 2014/12/19 3:0 p.m. | 74 views

CVE-2014-9258

GLPI vulnerable component: ajax/getDropdownValue.php in GLPI before 0.85.1. Root cause: SQL injection via the condition parameter allowing remote authenticated users to execute arbitrary SQL commands. Impact: partial confidentiality and integrity, as per CVSS context (base score 6.5, medium). Rem...

6.5 CVSS | 7.8 AI score | 0.03167 EPSS
Exploits 4 | References 10 | Affected Software 1
0day.today
added 2014/12/18 12:0 a.m. | 108 views

GLPI 0.85 - Blind SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE:...

6.5 CVSS | 0.2 AI score | 0.03167 EPSS
Exploits 4