CRITICAL9.1CVE-2018-14473OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. from 0, < 2.5+dfsg-1
HIGH8.8CVE-2018-15537Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server… from 0
HIGH8.8CVE-2018-14857Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory… from 0, < 2.8+dfsg1-1
HIGH8.8OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability.
from 0, < 2.5+dfsg-1
HIGH8.8OCS Inventory 2.4.1 contains multiple SQL injections in the search engine.
from 0, < 2.5+dfsg-1
MEDIUM6.9OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.
from 0
MEDIUM6.5OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can re…
from 0, < 2.4.1+dfsg-1
MEDIUM6.1OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers…
from 0
MEDIUM6.1OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search function…
from 0, < 2.4.1+dfsg-1
—Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject a…
from 0
—Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary…
from 0, < 2.0.2-1
—Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) m…
from 0, < 2.0-1
—Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL c…
from 0, < 1.02.1-1
—Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arb…
from 0, < 1.02.1-1
—SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbit…
from 0, < 1.02.1-2
—Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arb…
from 0, < 1.02.1-2
—Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files…
from 0, < 1.02.1-1
—The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depend…
from 0, < 1.02.1-1
—Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
from 0, < 1.02-1