10 matches found
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery Vulnerability
------------------------------------------------------------------------------ Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities ------------------------------------------------------------------------------ - Software Link: https://tiki.org - Affected Versions: Versio...
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution Vulnerability
-------------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 24.0 structlib.php PHP Code Injection Vulnerability -------------------------------------------------------------------------------- - Software Link: https://tiki.org - Affected Versions:...
SugarCRM 9.0.1 Phar Deserialization
--------------------------------------------------------------- SugarCRM = 9.0.1 Multiple Phar Deserialization Vulnerabilities --------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 9.0.1 and prior versions, 8.0.3 and...
SugarCRM ConnectorsController Server-Side Request Forgery Vulnerability
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::actionCallRest" method. User input passed through the "url" request parameter is not properly sanitized before being used in a ca...
Piwik 2.16.0 - 'layout' PHP Object Injection
--------------------------------------------------------------- Piwik checkTokenInUrl; 213. 214. $layout = Common::unsanitizeInputValue(Common::getRequestVar('layout')); 215. $layout = strip_tags($layout); 216. $idDashboard = Common::getRequestVar('idDashboard', 1, 'int'); 217. $name =...
vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include REXML include...
DataLife Engine preview.php PHP Code Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
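vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload Vulnerability
BUGTRAQ ID:61558 CVE ID:CVE-2013-3214 vtiger CRM is a web-based customer relationship management (CRM) system centered on sales force automation (SFA). The AddEmailAttachment SOAP method defined in vtiger CRM /soap/vtigerolservice.php does not properly filter input submitted through the "filedata" and "filename" parameters, allowing an attacker to exploit the vulnerability to write/overwrite arbitrary files and execute them with web privileges. 0 vtiger vtiger CRM 5.0.0 - 5.4.0 Vendor patch: vtiger ----- Users can refer to the following vendor-provided security patch to fix this vulnerability:...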
vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload Vulnerability
vTiger CRM allows a user to bypass authentication when requesting SOAP services. In addition, arbitrary file upload is possible through the AddEmailAttachment SOAP service. By combining both vulnerabilities, an attacker can upload and execute PHP code. This Metasploit module has been tested...
Joomla! 3.0.2 - highlight.php PHP Object Injection
------------------------------------------------------------------- Joomla! request->get('highlight', null, 'base64'); 58. $terms = $terms ? unserialize(base64_decode($terms)) : null; User input passed through the "highlight" parameter is not properly...