Information on source package glpi

Available versions

ReleaseVersion
jessie0.84.8+dfsg.1-1

Open unimportant issues

BugjessieDescription
CVE-2019-13240vulnerableAn issue was discovered in GLPI before 9.4.1. After a successful passw ...
CVE-2019-13239vulnerableinc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...
CVE-2019-10233vulnerableTeclib GLPI before 9.4.1.1 is affected by a timing attack associated w ...
CVE-2019-10232vulnerableTeclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter ...
CVE-2019-10231vulnerableTeclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerab ...
CVE-2019-1010310vulnerableGLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection ...
CVE-2019-1010307vulnerableGLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). Th ...
CVE-2018-7563vulnerableAn issue was discovered in GLPI through 9.2.1. The application is affe ...
CVE-2018-7562vulnerableA remote code execution issue was discovered in GLPI through 9.2.1. Th ...
CVE-2018-13049vulnerableThe constructSQL function in inc/search.class.php in GLPI 9.2.x throug ...
CVE-2017-11475vulnerableGLPI before 9.1.5.1 has SQL Injection in the condition rule field, exp ...
CVE-2017-11474vulnerableGLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/com ...
CVE-2017-11329vulnerableGLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.ph ...
CVE-2017-11184vulnerableSQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...
CVE-2017-11183vulnerablefront/backup.php in GLPI before 9.1.5 allows remote authenticated admi ...
CVE-2016-7509vulnerableCross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...
CVE-2016-7508vulnerableMultiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authent ...
CVE-2016-7507vulnerableCross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...
CVE-2015-7685vulnerableGLPI before 0.85.3 allows remote authenticated users to create super-a ...
CVE-2015-7684vulnerableUnrestricted file upload in GLPI before 0.85.3 allows remote authentic ...
CVE-2014-9258vulnerableSQL injection vulnerability in ajax/getDropdownValue.php in GLPI befor ...
CVE-2014-8360vulnerableDirectory traversal vulnerability in inc/autoload.function.php in GLPI ...
CVE-2014-5032vulnerableGLPI before 0.84.7 does not properly restrict access to cost informati ...
CVE-2010-3692vulnerableDirectory traversal vulnerability in the callback function in client.p ...
CVE-2010-3691vulnerablePGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ena ...
CVE-2010-3690vulnerableMultiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1 ...
CVE-2010-2796vulnerableCross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...
CVE-2010-2795vulnerablephpCAS before 1.1.2 allows remote authenticated users to hijack sessio ...
CVE-2010-1618vulnerableCross-site scripting (XSS) vulnerability in the phpCAS client library ...

Resolved issues

BugDescription
TEMP-0513611-D1D676glpi sql injection
TEMP-0495542-A51430phpCAS XSS in final_uri; PHPCAS-52
CVE-2013-5696inc/central.class.php in GLPI before 0.84.2 does not attempt to make i ...
CVE-2013-2227local file inclusion
CVE-2013-2226Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow rem ...
CVE-2013-2225inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attacker ...
CVE-2012-4003Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GL ...
CVE-2012-4002Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...
CVE-2012-1105
CVE-2012-1104
CVE-2012-1037PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.7 ...
CVE-2011-2720The autocompletion functionality in GLPI before 0.80.2 does not blackl ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework (prototype ...
CVE-2007-3215PHPMailer 1.7, when configured to use sendmail, allows remote attacker ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...

Search for package or bug name: Reporting problems