pkg:Debian/ocsinventory-server
19 total CVEsCRITICAL1HIGH4MEDIUM4
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.1CVE-2018-14473OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities.from 0, < 2.5+dfsg-1
- HIGH8.8CVE-2018-15537Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server…from 0
- HIGH8.8CVE-2018-14857Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory…from 0, < 2.8+dfsg1-1
- from 0, < 2.5+dfsg-1
- from 0, < 2.5+dfsg-1
- MEDIUM6.9CVE-2023-3726OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.from 0
- MEDIUM6.5CVE-2018-1000558OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can re…from 0, < 2.4.1+dfsg-1
- MEDIUM6.1CVE-2026-22675OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers…from 0
- MEDIUM6.1CVE-2018-1000557OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search function…from 0, < 2.4.1+dfsg-1
- —CVE-2014-4722Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject a…from 0
- —CVE-2011-4024Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary…from 0, < 2.0.2-1
- —CVE-2010-1733Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) m…from 0, < 2.0-1
- —CVE-2010-1595Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL c…from 0, < 1.02.1-1
- —CVE-2010-1594Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arb…from 0, < 1.02.1-1
- —CVE-2009-3042SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbit…from 0, < 1.02.1-2
- —CVE-2009-3040Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arb…from 0, < 1.02.1-2
- —CVE-2009-2166Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files…from 0, < 1.02.1-1
- —CVE-2009-1769The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depend…from 0, < 1.02.1-1
- —CVE-2009-1443Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.from 0, < 1.02-1