18 matches found
📄 GLPI Accessible Documents Insecure Direct Object Reference
This Metasploit auxiliary module scans a GLPI installation for improperly exposed documents linked to KnowbaseItem objects via the document.send.php endpoint. The module performs an automated enumeration of docid values within a defined range and attempts to access documents without authenticatio...
Linux Distros Unpatched Vulnerability : CVE-2023-34107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on...
UBUNTU-CVE-2023-34107
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue...
PT-2023-24678 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.2.0 through 10.0.7 Description: The issue is related to an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Recommendations: For versions 9.2.0 through 10.0.7,...
Authenticated Reflected XSS on ajax/common.tabs.php
Description There is a reflected XSS vulnerability on ajax/common.tabs.php due to the KnowBase tab not escaping the start parameter properly probably because it's not reflected inside quotes. There was some work into getting the exploit working, due to JQuery's $ not being defined and causing a...
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
UBUNTU-CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
PT-2021-14421 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns an Insecure Direct Object Reference IDOR on "Solutions" in GLPI. This allows an unauthorized user to enumerate GLPI items names, including users' logins, using the knowbase search...
GLPI 安全漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Bitsmith-PS-Knowbase-3.2.3
Personal Knowbase is a program for organizing free-form information using keywords. Build a personal knowledge base of all your notes, messages, and ideas. Store and index your information in one place for easy retrieval using keywords that you choose. The attachment feature even associates disk...
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
No description provided by source. Title: ====== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Date: ===== 2012-03-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=474 VL-ID: ===== 474 Introduction: ============= Personal Knowbase is a program for...
Bitsmith Software Personal Knowbase knowbase.exe FileOpen Dialogue Local Overflow
The version of Bitsmith Personal Knowledge base installed on the remote Windows host is prior to 3.2.4. It is, therefore, affected by a local buffer overflow vulnerability that can be triggered by specifying an oversized string for a specific registry value. This vulnerability may allow for...
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow Title: ====== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Date: ===== 2012-03-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=474 VL-ID: ===== 474 Introduction: ============= Personal Knowbase is a...
Bitsmith PS Knowbase 3.2.3 Buffer Overflow
Title: ====== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Date: ===== 2012-03-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=474 VL-ID: ===== 474 Introduction: ============= Personal Knowbase is a program for organizing free-form information using...
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
Exploit for windows platform in category local exploits Title: ====== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Introduction: ============= Personal Knowbase is a program for organizing free-form information using keywords. Build a personal knowledge base of all your notes,...
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
Title: ====== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability Date: ===== 2012-03-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=474 VL-ID: ===== 474 Introduction: ============= Personal Knowbase is a program for organizing free-form information using...
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
Document Title: =============== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=474 Release Date: ============= 2012-03-29 Vulnerability Laboratory ID VL-ID: ====================================...
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
Document Title: =============== Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=474 Release Date: ============= 2012-03-29 Vulnerability Laboratory ID VL-ID: ====================================...