Gonicus
gonicus
4 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Debian Gonicus2Debian Linux GosaNov 21, 2024 Aug 15, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is p...Show more |
2Debian Gonicus2Debian Linux GosaNov 21, 2024 Jun 26, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary...Show more |
1Gonicus 1Gonicus System Administration Apr 23, 2026 Jan 18, 2007 N/A· v4 N/A· v3 9.0 HIGH· v2 Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests. |
1Gonicus 1Gonicus System Administration Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6depa...Show more |