ID de Prueba:	1.3.6.1.4.1.25623.1.0.801204
Categoría:	Web application abuses
Título:	OCS Inventory NG Multiple Vulnerabilities
Resumen:	OCS Inventory NG is prone to multiple cross-site scripting and SQL injection vulnerabilities.
Descripción:	Summary: OCS Inventory NG is prone to multiple cross-site scripting and SQL injection vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - improper validation of user-supplied input via 1)the query string, (2)the BASE parameter, or (3)the ega_1 parameter in ocsreports/index.php that allow remote attackers to inject arbitrary web script or HTML. - improper validation of user-supplied input via (1)c, (2)val_1, or (3)onglet_bis parameter in ocsreports/index.php that allow remote attackers to execute arbitrary SQL commands. Vulnerability Impact: Successful exploitation could allow attackers to inject arbitrary web script or HTML and conduct Cross-Site Scripting attacks. Affected Software/OS: OCS Inventory NG 1.02.1 and prior. Solution: Upgrade to the latest version of OCS Inventory NG 1.02.3 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1594 http://www.mandriva.com/security/advisories?name=MDVSA-2010:178 http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt http://osvdb.org/61943 http://secunia.com/advisories/38311 XForce ISS Database: ocsinventoryng-index-xss(55874) https://exchange.xforce.ibmcloud.com/vulnerabilities/55874 Common Vulnerability Exposure (CVE) ID: CVE-2010-1595 http://osvdb.org/61942 XForce ISS Database: ocsinventoryng-index-sql-injection(55872) https://exchange.xforce.ibmcloud.com/vulnerabilities/55872
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.