Lucene search
K

2698 matches found

exploitpack
exploitpack
added 2014/12/15 12:0 a.m.92 views

GLPI 0.85 - Blind SQL Injection

GLPI 0.85 - Blind SQL Injection Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category...

6.5CVSS0.2AI score0.03167EPSS
Exploits4
Exploit DB
Exploit DB
added 2014/12/15 12:0 a.m.53 views

GLPI 0.85 - Blind SQL Injection

Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category: webapps 1. Description...

6.5CVSS6.4AI score0.03167EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.82 views

GLPI install.php Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

6.8CVSS0.3AI score0.07855EPSS
Exploits11
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.7 views

GLPI 0.83.8 - Multiple Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

GLPI 0.83.9 'unserialize()' Function Remote Code Execution Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/60823/info GLPI is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromi...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

GLPI 0.71.3 - Multiple Remote SQL Injection VUlnerabilities

No description provided by source. + Application : GLPI v 0.71.3 + App'z URI : http://glpi-project.org + Bug : Multiple Remote SQL Injections + Author : Zigma + Home : http://NullArea.Net Let's have a look on the Security System GLPI uses : --- \inc\includes.php --- // Security system if isset$PO...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

GLPI 0.84.1 - Multiple Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2014/05/27 3:0 p.m.35 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

7.6AI score0.07563EPSS
Exploits2References6
CVE
CVE
added 2014/05/27 3:0 p.m.62 views

CVE-2013-2225

CVE-2013-2225 affects GLPI: inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via _predefined_fields in front/ticket.form.php. OpenVAS/Mageia advisories confirm the issue and indicate a fix was released: upgrade to GLPI 0.83.91 (and patch...

6.4CVSS7.4AI score0.07563EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2014/05/27 2:55 p.m.20 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4CVSS7.6AI score0.07563EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2014/05/27 2:55 p.m.26 views

CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4CVSS7.2AI score0.07563EPSS
Exploits2References2
Prion
Prion
added 2014/05/27 2:55 p.m.26 views

Code injection

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4CVSS7.2AI score0.07563EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2014/05/27 2:55 p.m.1 views

UBUNTU-CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4CVSS7.2AI score0.07563EPSS
Exploits2References3
NVD
NVD
added 2014/05/14 7:55 p.m.17 views

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

7.5CVSS8.3AI score0.02768EPSS
Exploits2References3
Prion
Prion
added 2014/05/14 7:55 p.m.21 views

Sql injection

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

7.5CVSS9.1AI score0.02768EPSS
Exploits2References3Affected Software1
UbuntuCve
UbuntuCve
added 2014/05/14 7:55 p.m.23 views

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

7.5CVSS6.2AI score0.02768EPSS
Exploits2References1
OSV
OSV
added 2014/05/14 7:55 p.m.2 views

UBUNTU-CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

7.5CVSS6.2AI score0.02768EPSS
Exploits2References2
Cvelist
Cvelist
added 2014/05/14 7:0 p.m.48 views

CVE-2013-2226

Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...

8.2AI score0.02768EPSS
Exploits2References3
CVE
CVE
added 2014/05/14 7:0 p.m.56 views

CVE-2013-2226

CVE-2013-2226 describes multiple SQL injection vulnerabilities in GLPI before 0.83.9. The root cause is improper sanitation of user input. Affected components/entry points include: (1) ajax/ticketassigninformation.php via the users_id_assign parameter, (2) front/document.form.php via the filename...

7.5CVSS8.1AI score0.02768EPSS
Exploits2References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2013/12/29 12:0 a.m.4 views

GLPI install.php Remote Command Execution (CVE-2013-5696)

A command execution vulnerability has been reported in GLPI...

6.6AI score0.07855EPSS
Exploits11
Rows per page
Query Builder