169 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-22675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...
CVE-2023-53947 OCS Inventory NG 2.3.0.0 Unquoted Service Path Privilege Escalation
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges...
PT-2025-52518
Name of the Vulnerable Software and Affected Versions OCS Inventory NG version 2.3.0.0 Description The software contains an unquoted service path vulnerability. This allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service...
EUVD-2010-1753
Malware in sbrugna...
EUVD-2009-1441
Malware in sbrugna...
EUVD-2010-1621
Malware in sbrugna...
EUVD-2010-1620
Malware in sbrugna...
EUVD-2009-2162
Malware in sbrugna...
EUVD-2018-7413
Malware in sbrugna...
EUVD-2009-1764
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-4722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or...
CVE-2020-14947
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmiboid...
OCS Inventory NG 2.3.0.0 - Unquoted Service Path Vulnerability
Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG Windows Agent: Versio...
OCS Inventory NG 2.3.0.0 - Unquoted Service Path
Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...
OCS Inventory NG < 2.9.2 XSS Vulnerability
OCS Inventory NG is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OCS Inventory NG CommandLine.php Command Injection (CVE-2020-14947)
A command injection vulnerability exists in OCS Inventory NG. The vulnerability is due to insufficient input validation in the CommandLine.php...