CVE-2010-1595
Published 2010-04-28
Priority: P3 · 40 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.20% (64.3th percentile)
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocsinventory-server | < ocsinventory-server 1.02.1-1 (bookworm) | ocsinventory-server 1.02.1-1 (bookworm) |
| ocsinventory-ng | ocs_inventory_ng | — | — |
CVSS provenance
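| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |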
GHSA
GHSA-hrc6-53gx-mqr9: Multiple SQL injection vulnerabilities in ocsreports/index
ghsa_unreviewed·2022-05-17
CVE-2010-1595 [HIGH] CWE-89 GHSA-hrc6-53gx-mqr9: Multiple SQL injection vulnerabilities in ocsreports/index
OSV
CVE-2010-1595: Multiple SQL injection vulnerabilities in ocsreports/index
osv·2010-04-28·CVSS 7.5
Debian
CVE-2010-1595: ocsinventory-server - Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory ...
vendor_debian·2010·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1.02.1-1)
bullseye: resolved (fixed in 1.02.1-1)
sid: resolved (fixed in 1.02.1-1)
No detection rules found.
Exploit-DB
Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)
exploitdb·2012-10-09
CVE-2010-0188 Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)
Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)
---
##
# $Id: mobilemail_libtiff.rb 15950 2012-10-09 18:31:08Z rapid7 $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'Apple iOS MobileMail LibTIFF Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the version of
libtiff shipped with firmware versions 1.00, 1.01, 1.02, and
1.1.1 of the Apple iPhone. iPhones which have not had the BSD
tools installed will need to use a special payload.
},
'License' => MSF_LICENSE,
'Author' => ['hdm', 'kf'],
'Version' => '$Revision: 1595
Exploit-DB
Apple iOS Mobile Safari - LibTIFF Buffer Overflow (Metasploit)
exploitdb·2012-10-09
CVE-2010-0188 Apple iOS Mobile Safari - LibTIFF Buffer Overflow (Metasploit)
Apple iOS Mobile Safari - LibTIFF Buffer Overflow (Metasploit)
---
##
# $Id: safari_libtiff.rb 15950 2012-10-09 18:31:08Z rapid7 $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 'Apple iOS MobileSafari LibTIFF Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the version of
libtiff shipped with firmware versions 1.00, 1.01, 1.02, and
1.1.1 of the Apple iPhone. iPhones which have not had the BSD
tools installed will need to use a special payload.
},
'License' => MSF_LICENSE,
'Author' => ['hdm', 'kf'],
'Version' => '$Revision: 1595
Exploit-DB
ShixxNOTE 6.net - Font Field Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2004-1595 ShixxNOTE 6.net - Font Field Overflow (Metasploit)
ShixxNOTE 6.net - Font Field Overflow (Metasploit)
---
##
# $Id: shixxnote_font.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'ShixxNOTE 6.net Font Field Overflow',
'Description' => %q{
This module exploits a buffer overflow in ShixxNOTE 6.net.
The vulnerability is caused due to boundary errors in the
handling of font fields.
},
'Author' => 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9525 $',
'References' =>
[
['CVE', '2004-1595'],
['OSVDB', '10721'],
['BID', '11409'],
],
'DefaultOptions' =
References
http://osvdb.org/61942
http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt
http://secunia.com/advisories/38311
http://www.mandriva.com/security/advisories?name=MDVSA-2010:178
https://exchange.xforce.ibmcloud.com/vulnerabilities/55872
Published: 2010-04-28