2694 matches found
ROS-20240812-12
A vulnerability in the GLPI system for requests, incidents and inventory of computer equipment is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary SQL queries...
ROS-20240812-11
The GLPI Agent universal control agent vulnerability involves modifying GLPI-Agent code or allows a DLL to be used to modify the agent's logic. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20240812-06
A vulnerability in GLPI's asset management and data center software is related to the introduction of a malicious link by an unauthenticated user. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an XSS attack. Vulnerability in GLPI's request, incident and...
ROS-20240812-03
The vulnerability in GLPI's asset and data center management software is related to the injection of commands into a specific workflow that an agent would run with the privileges it uses. Exploitation of the vulnerability could allow an attacker acting remotely to escalate its...
ROS-20240729-07
A vulnerability in the GLPI request and incident handling system is related to improper privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to steal confidential information. Vulnerability in the GLPI reporting plugin is related to improper...
ROS-20240729-03
A vulnerability in the GLPI reports plugin of the GLPI reports system is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to conduct XSS attacks...
The vulnerability of the GLPI system’s handling of requests and incidents arises from the improper neutralization of input data during the generation of web pages. This allows attackers to carry out XSS attacks.
The vulnerability in the GLPI request and incident handling system relates to the improper neutralization of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the GLPI system’s request and incident handling process, related to improper neutralization of input data during the generation of web pages, allows a malicious actor to create malicious external links.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper neutralization of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to create a malicious external link...
The vulnerability in the GLPI system’s handling of requests and incidents, related to improper neutralization of special elements used in SQL commands, allows an attacker to carry out a time-based attack using SQL injection in the REST API user_token.
The vulnerability of the GLPI system for handling requests and incidents is related to the improper neutralization of certain special elements. Exploiting this vulnerability allows a malicious actor to scan server ports or services, and to carry out attacks based on timing, using SQL injections i...
The vulnerability of the GLPI system’s request and incident handling process, related to improper neutralization of special elements used in SQL commands, allows attackers to compromise the integrity of the system.
The vulnerability of the GLPI request and incident handling system lies in the lack of proper validation of input requests within the plugin controller, and the use of low-level plugin APIs for access. Exploitation of this vulnerability could allow a malicious actor to scan server ports or...
The vulnerability of the GLPI system’s handling of requests and incidents is related to improper neutralization of input data during the generation of web pages. This allows a malicious user to gain unauthorized access to the GLPI administrator’s cookies.
The vulnerability of the GLPI request and incident handling system lies in the fact that the registration key is not properly encrypted on the configuration page for the registration key. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the...
The vulnerability of the GLPI system’s handling of requests and incidents, related to server-side request forgery, allows an attacker to scan the ports or services that are open on the GLPI server or its private network.
The vulnerability of the GLPI request and incident handling system lies in the fact that using RSS channels or an external calendar for planning is vulnerable to an SSRF exploit. Exploiting this vulnerability allows a malicious actor to scan server ports or services that are open on the GLPI serv...
The vulnerability of the GLPI system’s handling of requests and incidents, related to insufficient protection of user credentials, allows a malicious individual to obtain unauthorized access to the root account’s password.
The vulnerability in the GLPI system’s request and incident handling process is related to an error in passing configuration data via JavaScript. In this error, some records are filtered out, but the ldappass variable is not filtered. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input neutralization during the generation of web pages, allows an attacker to carry out XSS attacks.
The vulnerability in the GLPI request and incident handling system relates to the lack of proper cleaning of external links. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the GLPI system’s handling of requests and incidents, related to the possibility of forging requests on the server side, allows an attacker to redirect users to an arbitrary URL.
The vulnerability in the GLPI system for handling requests and incidents is related to the possibility of forged requests on the server side. Exploiting this vulnerability allows a malicious actor to redirect users to an arbitrary URL address...
The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input neutralization during the generation of web pages, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the GLPI request and incident handling system is related to the use of ticket actions or the configuration of messages that include links to style sheets. Exploiting this vulnerability allows a malicious actor to carry out an attack using cross-site scripting...
ROS-20240726-01
A vulnerability in GLPI's request and incident handling system is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the system integrity. A vulnerability in the GLPI request and incident handling system is associated with the...
Exploit for Improper Access Control in Glpi-Project Glpi
CVE-2024-37147-PoC...
CVE-2024-37149
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...
CVE-2024-37148
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...