39 matches found
CVE-2010-0215
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL...
EUVD-2009-2037
Malware in sbrugna...
EUVD-2010-0246
Malware in sbrugna...
EUVD-2009-1767
Malware in sbrugna...
EUVD-2009-1768
Malware in sbrugna...
CVE-2009-1772
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...
CVE-2009-1773
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...
activeCollab Chat Module Arbitrary PHP Code Execution (CVE-2012-6554)
A code execution vulnerability exists in Chat module for activeCollab. The vulnerability is due to a flaw that is triggered by the preg_replace function. A remote attacker may exploit this vulnerability by evaluating a string with complex curly syntax, allowing for the execution of arbitrary code...
ACTIVECOLLAB Cloud Service Detection
Binary data 8417.prm...
Useresponse <= 1.0.2 - Privilege Escalation & RCE Exploit
No description provided by source. #!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles...
Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
CVE-2012-6554
functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch...
Session fixation
functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch...
CVE-2012-6554
functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch...
CVE-2012-6554
Summary: CVE-2012-6554 is an arbitrary PHP code execution in the Active Collab Chat Module for versions prior to 1.5.2, exploitable by remote authenticated users via the message[message_text] field in chat/add_messag. The root cause is improper handling during preg_replace with the eval switch, e...
Useresponse <= 1.0.2 Privilege Escalation & RCE Exploit
Exploit for php platform in category web applications #!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns...
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
#!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...
CVE-2010-0215
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL...
Design/Logic Flaw
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL...
CVE-2010-0215
ActiveCollab prior to version 2.3.2 is affected by an access-control bypass vulnerability that allows remote authenticated users to perform unauthorized actions such as deleting an attachment or subscribing to an object by using a crafted URL. The issue appears to stem from improper access restri...