exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Mandriva Linux Security Advisory 2010-178
Posted Sep 13, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-178 - Multiple cross-site scripting vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via the BASE parameter, or the ega_1 parameter. Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the onglet_bis parameter. Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via multiple inventory fields to the search form, reachable through index.php; or the Software name field to the All softwares search form, reachable through index.php. This upgrade provides ocsinventory 1.02.3 which is not vulnerable for these security issues.

tags | advisory, remote, web, arbitrary, php, vulnerability, xss, sql injection
systems | linux, mandriva
advisories | CVE-2010-1594, CVE-2010-1595, CVE-2010-1733
SHA-256 | 19df69fd0b6fc78d0eb1f22f8fb7cd641e0faec36e078fad506d36840509ea82
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close