FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team at . Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

glpi


Entered Topic
2024-07-16 GLPI -- multiple vulnerabilities
2024-04-28 GLPI -- multiple vulnerabilities
2024-04-22 GLPI -- multiple vulnerabilities
GLPI -- multiple vulnerabilities
GLPI -- multiple vulnerabilities
2023-10-11 Account takeover through API in GLPI
Account takeover via Kanban feature in GLPI
Account takeover via SQL Injection in UI layout preferences in GLPI
File deletion through document upload process in GLPI
GLPI vulnerable to reflected XSS in search pages
GLPI vulnerable to SQL injection through Computer Virtual Machine information
GLPI vulnerable to SQL injection via dashboard administration
GLPI vulnerable to SQL injection via inventory agent request
GLPI vulnerable to unauthenticated access to Dashboard data
GLPI vulnerable to unauthorized access to Dashboard data
GLPI vulnerable to unauthorized access to KnowbaseItem data
GLPI vulnerable to unauthorized access to User data
glpi-project -- SQL injection in ITIL actors in GLPI
Phishing through a login page malicious URL in GLPI
Privilege Escalation from technician to super-admin in GLPI
Sensitive fields enumeration through API in GLPI
Unallowed PHP script execution in GLPI
Users login enumeration by unauthenticated user in GLPI
2023-05-08 glpi -- multiple vulnerabilities
2020-10-22 glpi -- Insecure Direct Object Reference on ajax/comments.ph
glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php
2020-10-01 glpi -- Any CalDAV calendars is read-only for every authenticated user
2020-06-25 glpi -- leakage issue with knowledge base
glpi -- Multiple SQL Injections Stemming From isNameQuoted()
glpi -- SQL injection for all usages of "Clone" feature
glpi -- SQL Injection in Search API
glpi -- Unauthenticated File Deletion
glpi -- Unauthenticated Stored XSS
2020-05-09 glpi -- stored XSS
2020-03-30 glpi -- able to read any token through API user endpoint
glpi -- bypass of the open redirect protection
glpi -- Improve encryption algorithm
glpi -- multiple related stored XSS vulnerabilities
glpi -- Reflexive XSS in Dropdown menus
glpi -- Remote Code Execution (RCE) via the backup functionality
glpi -- SQL injection for all helpdesk instances
glpi -- weak csrf tokens
2020-01-02 glpi -- Public GLPIKEY can be used to decrypt any data
2019-08-05 glpi -- Account takeover vulnerability
2012-02-10 glpi -- remote attack via crafted POST request
2009-01-28 glpi -- SQL Injection