7419 matches found
CVE-2019-17300
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
Directory traversal
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user...
Sql injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17298
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Administration module by a Developer user...
CVE-2019-17298
SugarCRM is affected in versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is an SQL injection in the Administration module exploitable by a Developer user. Root cause: insufficient input validation in the vulnerable path leads to injectable SQL. Impact per disclosed references inc...
CVE-2019-17300
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Administration module by a Developer user...
CVE-2019-17302
Summary: CVE-2019-17302 affects SugarCRM, specifically the ModuleBuilder module. Compared with several connected sources, the vulnerability enables PHP code injection by a Developer user in SugarCRM versions listed as vulnerable: before 8.0.4 and before 9.0.2 (i.e., 8.0.0–8.0.3 and 9.x prior to 9...
CVE-2019-17302
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...
CVE-2019-17303
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...
CVE-2019-17313
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the Studio module by a Developer user...
CVE-2019-17313
CVE-2019-17313 affects SugarCRM with versions before 8.0.4 and 9.x before 9.0.2. The vulnerability is a directory traversal in the Studio module accessible to Developer users. Public sources indicate the issue stems from input validation weaknesses in the Studio module (CNVD-2019-34432). The acco...
CVE-2019-11651
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...
CVE-2019-11651
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...
Cross site scripting
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web reques...
CVE-2019-11651
The CVE-2019-11651 entry concerns a Reflected XSS in Micro Focus Enterprise Developer and Enterprise Server . All versions prior to specific patch updates are affected (3.0 Patch Update 20, 4.0 Patch Update 12, 5.0 Patch Update 2). The vulnerability could be exploited to redirect users to a malic...
CVE-2019-11277
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny...
KLA11741 Multiple vulnerabilities in Opera
Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement...