24 matches found
EUVD-2019-5903
Malware in sbrugna...
EUVD-2019-5902
Malware in sbrugna...
EUVD-2019-5905
Malware in sbrugna...
CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...
CVE-2019-14767
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence dossier=../ and servletrecuperefichier document=../ allows an unauthenticated user to download arbitrary files from the server...
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...
CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...
CVE-2019-14766
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
CVE-2019-14767
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence dossier=../ and servletrecuperefichier document=../ allows an unauthenticated user to download arbitrary files from the server...
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...
CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...
Path traversal
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence dossier=../ and servletrecuperefichier document=../ allows an unauthenticated user to download arbitrary files from the server...
Improper access control
Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...
Path traversal
Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem...
Path traversal
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges...
CVE-2019-14768
CVE-2019-14768 affects DIMO YellowBox CRM prior to 6.3.4. An authenticated user can exploit an Arbitrary File Upload in the file browser to deploy a WebApp WAR to the Tomcat server via Path Traversal, enabling remote code execution with SYSTEM privileges. The vulnerability stems from improper val...
CVE-2019-14767
In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence dossier=../ and servletrecuperefichier document=../ allows an unauthenticated user to download arbitrary files from the server...
CVE-2019-14767
In DIMO YellowBox CRM prior to version 6.3.4, a Path Traversal vulnerability exists in images/Apparence (dossier=../) and servletrecuperefichier (document=../) that allows an unauthenticated user to download arbitrary files from the server. Affected component: the application’s file retrieval pat...