2698 matches found
GLPI 0.85 - Blind SQL Injection
GLPI 0.85 - Blind SQL Injection Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category...
GLPI 0.85 - Blind SQL Injection
Exploit Title: GLPI 0.85 Blind SQL Injection Date: 28-11-2014 Exploit Author: Kacper Szurek - http://security.szurek.pl/ http://twitter.com/KacperSzurek Software Link: https://forge.indepnet.net/attachments/download/1899/glpi-0.85.tar.gz CVE: CVE-2014-9258 Category: webapps 1. Description...
GLPI install.php Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
GLPI 0.83.8 - Multiple Vulnerabilities
No description provided by source...
GLPI 0.83.9 'unserialize()' Function Remote Code Execution Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/60823/info GLPI is prone to a remote PHP code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromi...
GLPI 0.71.3 - Multiple Remote SQL Injection VUlnerabilities
No description provided by source. + Application : GLPI v 0.71.3 + App'z URI : http://glpi-project.org + Bug : Multiple Remote SQL Injections + Author : Zigma + Home : http://NullArea.Net Let's have a look on the Security System GLPI uses : --- \inc\includes.php --- // Security system if isset$PO...
GLPI 0.84.1 - Multiple Vulnerabilities
No description provided by source...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
CVE-2013-2225
CVE-2013-2225 affects GLPI: inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via _predefined_fields in front/ticket.form.php. OpenVAS/Mageia advisories confirm the issue and indicate a fix was released: upgrade to GLPI 0.83.91 (and patch...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
Code injection
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
UBUNTU-CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
Sql injection
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
UBUNTU-CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
CVE-2013-2226
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the 1 usersidassign parameter to ajax/ticketassigninformation.php, 2 filename parameter to front/document.form.php, or 3 table parameter to ajax/comments.php...
CVE-2013-2226
CVE-2013-2226 describes multiple SQL injection vulnerabilities in GLPI before 0.83.9. The root cause is improper sanitation of user input. Affected components/entry points include: (1) ajax/ticketassigninformation.php via the users_id_assign parameter, (2) front/document.form.php via the filename...
GLPI install.php Remote Command Execution (CVE-2013-5696)
A command execution vulnerability has been reported in GLPI...