75 matches found
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
Code injection
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17316
CVE-2019-17316 affects SugarCRM: versions prior to 8.0.4 and 9.x prior to 9.0.2. The vulnerability is a PHP object injection in the Import module exploitable by a regular user, due to insufficient input validation. Multiple connected sources (Red Hat, CNVD, CVE list) confirm the affected versions...
PT-2019-15079 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 8.0.4 SugarCRM versions 9.x prior to 9.0.2 Description: The issue allows PHP object injection in the Import module by a Regular user. Recommendations: For SugarCRM versions prior to 8.0.4, update to version 8.0.4 or...
Broken Access Control in Import Module
More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...
Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality that is usually available only to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enable...
Reverse Engineering Communication Protocols: Netzob
Reverse Engineering Communication Protocols. Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows inferring the message format and the state machine of a protocol through passive and active processes. The model can afterward be...
Drupal OSF Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in the Drupal OSF module when the OSF Ontology and OSF Import modules are enabled in the program, which allows remote attackers to construct malicious URIs, trick users...
Drupal OSF Module Arbitrary File Deletion Vulnerability
Drupal is a free and open source content management system developed in PHP. A security vulnerability exists in the Drupal OSF module, which can be exploited by remote attackers to delete arbitrary files when the OSF Ontology and OSF Import modules are enabled in the program...
Drupal User Import Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. User Import is a module that provides the ability to import users. A cross-site request forgery vulnerability exists in the Drupal User Import module that allows remote attackers to construct malicious URIs, trick users...
CVE-2015-4390
The vulnerability CVE-2015-4390 affects the Drupal contributed module User Import (versions 6.x-4.x prior to 6.x-4.4 and 7.x-2.x prior to 7.x-2.3). A Cross-Site Request Forgery (CSRF) flaw exists in management URLs that could trick an administrator into continuing or deleting an ongoing import, e...
Empire CMS backend shell vulnerability and fix - Vulnerability warning - The Black Bar Safety Net
The first method: add a custom page 6.0 on experiment success Template management - add custom page - page name casually--file name: xx. asp;. html--the page content--pony copy the contents into it Save the post and then the Admin page Click you can go see your horse, generally in the root...
PT-2005-4113 · Blender · Blender
Name of the Vulnerable Software and Affected Versions: Blender version 2.36 Description: The issue allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. This occurs in the bvh import.py module. Recommendations: For...