10 matches found
CVE-2025-64490
SuiteCRM (versions 7.14.7 and earlier; 8.0.0-beta.1 through 8.9.0) has an access-control flaw where a low-privileged user with a restrictive role can view and create work items via Resource Calendar and project screens even when related modules (Projects, Project Tasks, Tasks, Leads, Accounts, Me...
EUVD-2018-9982
Malware in sbrugna...
CVE-2024-42995
VTiger CRM = 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules...
PT-2023-29539 · Unknown · Sonice Retour +1
Name of the Vulnerable Software and Affected Versions: SoNice Retour module for PrestaShop versions up to 2.1.0
Description: The issue allows a guest to download personal information without restriction by performing a path traversal attack. This is due to a lack of permissions control and a lack...
PT-2023-8674 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) (affected versions not specified); multiple Cisco products (affected versions not specified)
Description: The issue is due to a flaw in the FTP module of the Snort detection engine, which could allow an...
PT-2023-27049 · Prestashop +1 · Theme Volty Cms Category Chain Slider +1
Name of the Vulnerable Software and Affected Versions: Theme Volty CMS Category Chain Slider module for PrestaShop versions up to 4.0.1
Description: The issue is related to the improper neutralization of SQL parameters in the Theme Volty CMS Category Chain Slider module for PrestaShop. This allow...
CVE-2018-18246
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module...
CVE-2018-18246
Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors...
CVE-2015-3356
Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) enable or (2) disable modules or (3) change variables via unspecified vectors...