Metasploit Wrap-Up 03/28/2025
Windows LPE - Cloud File Mini Filter Driver Heap Overflow. This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver. This driver allows users to manage and sync files between a remote server and a local...
CVE-2025-27147
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory SNMP, software deployment, VMWare ESX host remote inventory, and data collection files, Windows registry, WMI. Versions prior to 1.5.0 have an improper access control vulnerability...
The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory allows a hacker to inject arbitrary PHP code.
The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary PHP code remotely...
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
GLPI use auxiliary/gather/glpiinventorypluginunauthsqli msf auxiliaryglpiinventorypluginunauthsqli show actions ...actions... msf auxiliaryglpiinventorypluginunauthsqli set ACTION msf auxiliaryglpiinventorypluginunauthsqli show options ...show and set options... msf...
CVE-2025-27147 GLPI Inventory plugin has Improper Access Control Vulnerability
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory SNMP, software deployment, VMWare ESX host remote inventory, and data collection files, Windows registry, WMI. Versions prior to 1.5.0 have an improper access control vulnerability...
CVE-2025-27147
The CVE-2025-27147 issue affects the GLPI Inventory Plugin used with GLPI, where versions prior to 1.5.0 contain an improper access control vulnerability. Reported details across connected sources consistently point to an access-control weakness in GLPI Inventory Plugin tasks (network discovery, ...
PT-2025-12806 · Glpi +1 · Glpi Inventory Plugin +1
Name of the Vulnerable Software and Affected Versions: GLPI Inventory Plugin versions prior to 1.5.0 Description: The GLPI Inventory Plugin handles various tasks for GLPI agents, including network discovery and inventory, software deployment, and data collection. It has an improper access control...
The vulnerability of the Inventory module in the GLPI system, which handles requests, incidents, and inventory management of computer equipment, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Inventory module in the GLPI system for job requests, incidents, and computer equipment inventory relates to the improper elimination of special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
March Linux Patch Wednesday
March Linux Patch Wednesday. Total vulnerabilities: 1083. 879 in the Linux Kernel. Two vulnerabilities show signs of exploitation in the wild: Code Injection - GLPI CVE-2022-35914. An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux. Memory Corruption - Safari...
CVE-2025-24801
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...
CVE-2025-21619
GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18...
CVE-2025-24799
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18...
UBUNTU-CVE-2025-21619
GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18...
UBUNTU-CVE-2025-24799
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18...