5 matches found
CVE-2023-53947
OCS Inventory NG 2.3.0.0 is affected by an unquoted service path vulnerability that enables local privilege escalation. An attacker can place a malicious executable in the unquoted service path and trigger a restart to execute code with SYSTEM privileges. Multiple connected sources corroborate th...
OCS Inventory NG code issue vulnerability
OCS Inventory NG is an open source IT asset management solution. A code issue vulnerability exists in OCS Inventory NG version 2.3.0.0, which stems from unquoted service paths and could lead to elevation of privilege...
PT-2025-52518
Name of the Vulnerable Software and Affected Versions: OCS Inventory NG version 2.3.0.0. Description: The software contains an unquoted service path vulnerability. This allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service...
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
Design/Logic Flaw
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specified...