Candidate: CVE-2010-1733
PublicDate: 2010-05-06 12:47:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1733
Description:
 Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3
 allow remote attackers to execute arbitrary SQL commands via (1) multiple
 inventory fields to the search form, reachable through index.php; or (2)
 the "Software name" field to the "All softwares" search form, reachable
 through index.php.  NOTE: the provenance of this information is unknown;
 the details are obtained solely from third party information.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ocsinventory-server:
upstream_ocsinventory-server: released (1.02.3)
dapper_ocsinventory-server: DNE
hardy_ocsinventory-server: ignored (reached end-of-life)
jaunty_ocsinventory-server: ignored (reached end-of-life)
karmic_ocsinventory-server: ignored (reached end-of-life)
lucid_ocsinventory-server: ignored (reached end-of-life)
maverick_ocsinventory-server: ignored (reached end-of-life)
natty_ocsinventory-server: ignored (reached end-of-life)
oneiric_ocsinventory-server: not-affected (2.0-1)
precise_ocsinventory-server: not-affected (2.0-1)
quantal_ocsinventory-server: not-affected (2.0-1)
raring_ocsinventory-server: not-affected (2.0-1)
saucy_ocsinventory-server: not-affected (2.0-1)
devel_ocsinventory-server: not-affected (2.0-1)