9 matches found
CVE-2026-27689 Denial of service (DOS) in SAP Supply Chain Management
Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...
EUVD-2019-9419
Malware in sbrugna...
CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
Unrestricted file upload
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
PT-2023-30232 · Sugarcrm · Sugarcrm
Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4 SugarCRM versions prior to 13.0.2 Description: A Server Site Template Injection SSTI issue has been identified in the GecControl action, allowing custom PHP code injection via the GetControl action due to...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
Security hole in MatrikzGB
Security hole in MatrikzGB Guestbook 15/8/2003 Vulnerable Versions: Version 2.0 and prior Version 3 not tested Summary: MatrikzGB was written by Thomas Hempel for www.onsite.org. A bug in index.php allows a user with a regular user account to give administrator rights to himself. Details: The bug...