OCS Inventory NG
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3042 | 0.03 | — | 0.00 | Sep 1, 2009 | SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. | |||
| CVE-2021-46355 | 0.00 | — | 0.00 | Feb 11, 2022 | OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored… | |||
| CVE-2018-12483 | 0.00 | — | 0.02 | Aug 3, 2018 | OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to… | |||
| CVE-2018-12482 | 0.00 | — | 0.02 | Aug 3, 2018 | OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | |||
| CVE-2018-14473 | 0.00 | — | 0.03 | Aug 3, 2018 | OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. |
- CVE-2009-3042Sep 1, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.
- CVE-2021-46355Feb 11, 2022risk 0.00cvss —epss 0.00
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored…
- CVE-2018-12483Aug 3, 2018risk 0.00cvss —epss 0.02
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to…
- CVE-2018-12482Aug 3, 2018risk 0.00cvss —epss 0.02
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
- CVE-2018-14473Aug 3, 2018risk 0.00cvss —epss 0.03
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.