15 matches found
EUVD-2019-7720
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. CVE-2019-14465 Note that Nessus relies on the presence of the package a...
CVE-2019-17307
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...
CVE-2025-47256
Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...
CVE-2025-47256
Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...
CVE-2025-47256
Libxmp up to 4.6.2 is affected by a stack-based buffer overflow in depack_pha (loaders/prowizard/pha.c) triggered by a malformed Pha format tracker module in a .mod file. The exploitation is Local with no privileges required and no user interaction, with a CVSS v3.1 base score of 5.6 (Low confide...
SugarCRM PHP code injection vulnerability (CNVD-2019-34430)
SugarCRM is an open source customer relationship management software suite. A PHP code injection vulnerability exists in the Tracker module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2019-17307
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...
CVE-2019-17307
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...
CVE-2019-17307
Summary: CVE-2019-17307 affects SugarCRM. The vulnerability allows PHP code injection in the Tracker module when exploited by an Admin user. Affected versions are SugarCRM prior to 8.0.4 and 9.x prior to 9.0.2. The provided connected documents confirm the existence and nature of the issue but do ...
CVE-2019-17307
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Tracker module by an Admin user...
DEBIAN-CVE-2019-14497
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow...
CVE-2018-6308
Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and below via the track parameter to modules\Campaigns\Tracker.php and modules\Campaigns\utils.php, the default_currency_name parameter to modules\Configurator\controller.php and modules\Currencies\Currency.php, the duplicate...
Code injection
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project...