13 matches found
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675 OCS Inventory NG Server Stored XSS via User-Agent
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-22675
OCS Inventory NG Server (versions up to 2.12.3) is affected by a stored XSS in the User-Agent header submitted to the /ocsinventory endpoint. The issue stems from improper sanitization/encoding when rendering user-supplied User-Agent values in the statistics dashboard, enabling arbitrary JavaScri...
PT-2026-30738
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
EUVD-2018-6739
Malware in sbrugna...
CVE-2009-1443
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors...
CVE-2024-23540
CVE-2024-23540 : The HCL BigFix Inventory server is vulnerable to a path traversal flaw that allows an attacker to read internal application files by exploiting improper restrictions on served static files. The vulnerability is mapped to CVSS 3.1: Network, Low attack complexity, Privileges Requir...
DEBIAN-CVE-2018-14857
Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...
Unrestricted file upload
Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...
CVE-2018-14857
Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...
CVE-2018-14857
Unrestricted file upload with remote code execution in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are...
CVE-2018-14857
OCS Inventory NG Webconsole (OCS Inventory Server) up to version 2.5 is affected by an Unrestricted file upload vulnerability in require/mail/NotificationMail.php due to allowing file extensions other than .html, enabling a privileged user to upload a PHP template and gain server access. Exploita...