Gosa Project

gosa_project

3 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14466 2Debian Gosa Project 2Debian Linux Gosa Nov 21, 2024 Dec 31, 2019 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the w...Show more The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.Show less
CVE-2015-8771 1Gosa Project 1Gosa Plugin May 13, 2026 Feb 13, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
CVE-2014-9760 1Gosa Project 1Gosa May 13, 2026 Feb 13, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.