CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...
Remote code execution
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module...
CVE-2021-46164
Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module...
Sahi pro 7.x/8.x - Directory Traversal Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected 0day.today 2019-06-18...
CVE-2018-20470
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal arbitrary file access vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files...
Code injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution...
CVE-2018-20470
Tyto Sahi Pro through 8.0.0 is affected by a Local File Inclusion / directory traversal vulnerability in the web reports module, enabling an attacker to view sensitive server files. Affected: Tyto Sahi Pro versions through 7.x.x and 8.0.0 (per CVE-2018-20470). Root cause: improper handling of fil...
PT-2019-10075 · Tyto · Tyto Sahi Pro
Name of the Vulnerable Software and Affected Versions: Tyto Sahi Pro versions prior to 8.0.1 Description: A directory traversal issue exists in the web reports module, allowing an outside attacker to access sensitive files. Recommendations: For versions prior to 8.0.1, update to version 8.0.1 or...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activitymode parameter in a DetailView action, (3) contactid and (4) parentid parameters in an...
CVE-2011-4670
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activitymode parameter in a DetailView action, (3) contactid and (4) parentid parameters in an...