Lucene search
K

6 matches found

0day.today
0day.today
added 2018/08/07 12:0 a.m.63 views

OCS Inventory NG Webconsole Shell Upload Vulnerability

OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE...

0.7AI score0.0369EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2018/08/06 9:29 p.m.17 views

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

8.8CVSS7.4AI score0.0369EPSS
Exploits2References4
OSV
OSV
added 2018/08/06 9:29 p.m.22 views

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

8.8CVSS7.5AI score
Exploits0References3
Debian CVE
Debian CVE
added 2018/08/06 9:0 p.m.24 views

CVE-2018-14857

Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...

8.8CVSS9AI score0.0369EPSS
Exploits2
CVE
CVE
added 2018/08/06 9:0 p.m.53 views

CVE-2018-14857

OCS Inventory NG Webconsole (OCS Inventory Server) up to version 2.5 is affected by an Unrestricted file upload vulnerability in require/mail/NotificationMail.php due to allowing file extensions other than .html, enabling a privileged user to upload a PHP template and gain server access. Exploita...

8.8CVSS8.8AI score0.0369EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2018/08/06 12:0 a.m.45 views

OCS Inventory NG Webconsole Shell Upload

Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE CVE-2018-14857 Vulnerability Overview OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions...

8.8AI score0.0369EPSS
Exploits2
Rows per page
Query Builder