
75 matches found

OSV
added 2019/10/07 3:15 p.m. · 2 views

CVE-2019-17316

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...

8.8 CVSS · 7.3 AI score · 0.01488 EPSS
Exploits 0 · References 1

Prion
added 2019/10/07 3:15 p.m. · 13 views

Code injection

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...

6.5 CVSS · 8.8 AI score · 0.01488 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/10/07 3:00 p.m. · 13 views

CVE-2019-17316

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...

8.9 AI score · 0.01488 EPSS
Exploits 0 · References 1

CVE
added 2019/10/07 3:00 p.m. · 45 views

CVE-2019-17316

CVE-2019-17316 affects SugarCRM: versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP object injection in the Import module exploitable by a regular user, due to insufficient input validation. Multiple connected sources (Red Hat, CNVD, CVE list) confirm the affected versions...

8.8 CVSS · 8.8 AI score · 0.01488 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2019/10/07 12:00 a.m. · 4 views

PT-2019-15079 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4; SugarCRM versions 9.x prior to 9.0.2. Description: The issue allows PHP object injection in the Import module by a Regular user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or...

8.8 CVSS · 8.8 AI score · 0.01488 EPSS
Exploits 0 · References 3

Friends Of PHP
added 2019/06/25 6:40 a.m. · 15 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2 AI score
Exploits 0 · Affected Software 1

Friends Of PHP
added 2019/06/25 6:40 a.m. · 13 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2 AI score
Exploits 0 · Affected Software 1

Typo3
added 2019/06/25 12:00 a.m. · 15 views

Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...

6.9 AI score
Exploits 0 · Affected Software 1

n0where
added 2017/02/07 5:08 a.m. · 32 views

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

1.7 AI score
Exploits 0 · References 1

CNVD
added 2015/09/20 12:00 a.m. · 2 views

Drupal OSF Module Cross-Site Request Forgery Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in the Drupal OSF module when the OSF Ontology and OSF Import modules are enabled in the program, which allows remote attackers to construct malicious URIs, trick users...

5.1 CVSS · 7 AI score · 0.00536 EPSS
Exploits 0 · References 1

CNVD
added 2015/09/20 12:00 a.m. · 3 views

Drupal OSF Module Arbitrary File Deletion Vulnerability

Drupal is a free and open source content management system developed in PHP. A security vulnerability exists in the Drupal OSF module, which can be exploited by remote attackers to delete arbitrary files when the OSF Ontology and OSF Import modules are enabled in the program...

4 CVSS · 7 AI score · 0.02003 EPSS
Exploits 0 · References 1

CNVD
added 2015/06/17 12:00 a.m. · 1 views

Drupal User Import Module Cross-Site Request Forgery Vulnerability

Drupal is a free and open source content management system developed in PHP. User Import is a module that provides the ability to import users. A cross-site request forgery vulnerability exists in the Drupal User Import module that allows remote attackers to construct malicious URIs, trick users...

6.8 CVSS · 6.9 AI score · 0.00656 EPSS
Exploits 0 · References 1

CVE
added 2015/06/15 2:00 p.m. · 42 views

CVE-2015-4390

The vulnerability CVE-2015-4390 affects the Drupal contributed module User Import (versions 6.x-4.x prior to 6.x-4.4 and 7.x-2.x prior to 7.x-2.3). A Cross-Site Request Forgery (CSRF) flaw exists in management URLs that could trick an administrator into continuing or deleting an ongoing import, e...

6.8 CVSS · 7.5 AI score · 0.00656 EPSS
Exploits 0 · References 5 · Affected Software 1

myhack58
added 2010/10/05 12:00 a.m. · 31 views

Empire cms backstage to get a shell vulnerability and fix-vulnerability warning-the black bar safety net

The first method: add a custom page 6.0 on experiment success Template management - add custom page - page name casually--file name: xx. asp;. html--the page content--pony copy the contents into it Save the post and then the Admin page Click you can go see your horse, generally in the root...

7 AI score
Exploits 0

Positive Technologies
added 2005/10/24 12:00 a.m. · 3 views

PT-2005-4113 · Blender · Blender

Name of the Vulnerable Software and Affected Versions: Blender version 2.36. Description: The issue allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. This occurs in the bvh import.py module. Recommendations: For...

7.5 CVSS · 7.7 AI score · 0.03884 EPSS
Exploits 1 · References 10