This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ocsinventory-Ng First view 2014-07-07
Product Ocsinventory Ng Last view 2018-11-29
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ocsinventory-ng:ocsinventory_ng

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2018-11-29 CVE-2018-15537

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

4.3 2014-07-07 CVE-2014-4722

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-434 Unrestricted Upload of File with Dangerous Type
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

id Description
2014-08-08 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2014-156.nasl - Type: ACT_GATHER_INFO
2014-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8218.nasl - Type: ACT_GATHER_INFO
2014-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8227.nasl - Type: ACT_GATHER_INFO