Improper access control

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing...

Quest KACE System Management Appliance Command Injection Vulnerability

The Quest KACE System Management Appliance provides comprehensive system management for all network-connected devices. A command injection vulnerability exists in the '/common/ajaxemailconnectiontest.php' script in Quest KACE System Management Appliance 8.0.318. An authenticated user can exploit...

Epicor Enterprise 7.4 - Multiple Vulnerabilities

"Epicor Enterprise vulnerabilities" - Affected vendor: Epicor Software Corporation - Affected system: Epicor Enterprise - Version 7.4 - Vendor disclosure date: May 13th, 2014 - Public disclosure date: September 30th, 2014 - Status: Fixed - Associated CVEs: 1 CVE-2014-4311 Password values not mask...

File Upload Manager 1.3

No description provided by source. Version: v1.3 ============================================================ www.sec-war.com ============================================================ 1- upload shell with: shell.php.jpg shell.php.gif shell.php.htm shell.htm shell.php.jpeg shell.php.bmp 2- Go t...