26 matches found
EUVD-2008-7032
Malware in sbrugna...
EUVD-2009-3549
Malware in sbrugna...
EUVD-2005-1697
Malware in sbrugna...
CVE-2009-3568
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed...
RunCMS 2.1 Magpie RSS Module Cross Site Scripting
Software: RunCMS 2.1 Magpie RSS Module. Vulnerability: Reflected Cross-site Scripting. Download: http://www.runcms.org/ Release Date: 7/5/2010. Tested On: Windows Vist...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...
CVE-2009-3248
The CVE-2009-3248 entry describes a CSRF vulnerability in the vtiger CRM 5.0.4 RSS module. The flaw allows remote attackers to hijack the authentication of Admin users by crafting requests to index.php with the rssurl parameter in a Save action, enabling modification of the news feed system. The...
SA-CONTRIB-2009-058 - Comment RSS - Access bypass
The Comment RSS module provides RSS feeds for comments on individual nodes. The link to this feed contains the node's title. Adding the link to the RSS feed was not respecting access permissions, potentially exposing content not available otherwise. Versions affected Comment RSS for Drupal 5.x...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter...
CVE-2008-7073
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter...
CVE-2008-7073
CVE-2008-7073 concerns a PHP remote file inclusion in the RSS module 0.1 for Pie Web M{a,e}sher. The root cause is that when register_globals is enabled, the lib parameter can be controlled to point to a URL, allowing an attacker to execute arbitrary PHP code on the server. The vulnerability targets...
CVE-2008-7073
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter...
Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusion Vulnerability
No description provided by source. Pie Web RSS module 0.1 lib Remote File injulide : download: http://pie.ekkaia.org/file/modrss-0.1.tar.gz ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Home: www.z0rlu.blogspot.com N0T: YALNIZLIK, YiTiRD...
SugarCRM Community Edition 4.5.1/5.0.0 File Disclosure Vulnerability
No description provided by source. Name SugarCRM – Local File Disclosure SugarCRM http://www.sugarcrm.com/docs/ReleaseNotes/OpenSourceReleaseNotes4.5.1j/ Advisories SugarReleaseNotes4.5.1j.2.6.html Bug 20522 http://dl.sugarforge.org/sugarcrm/SugarCE5.0Latest/SugarCE5.0.0/...
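SugarCRM Community Edition RSS Module Information Disclosure Vulnerability
BUGTRAQ ID: 28981 SugarCRM is an open-source customer relationship management system. SugarCRM does not properly validate input to the RSS module before using it to generate cache files in the cache/feeds directory, so a remote attacker may be able to exploit this vulnerability to create files on the system. The RSS module allows SugarCRM users to add RSS feeds to their personal RSS list, but it does not properly filter the URL variable value, so a user can enter an arbitrary URI value. In that case SugarCRM may not be able to display the new RSS feed in the list, but the application creates a local file in the cache/feeds directory, named with the md5 hash of the entered URL. SugarCRM SugarCRM Community Edition 5.0 SugarC...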
SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure
Name SugarCRM – Local File Disclosure SugarCRM http://www.sugarcrm.com/docs/ReleaseNotes/OpenSourceReleaseNotes4.5.1j/ Advisories SugarReleaseNotes4.5.1j.2.6.html Bug 20522 http://dl.sugarforge.org/sugarcrm/SugarCE5.0Latest/SugarCE5.0.0/ SugarCommunityEditionReleaseNotes5.0c.pdf Bug 20342 Date...
SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure
SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure Name SugarCRM – Local File Disclosure SugarCRM http://www.sugarcrm.com/docs/ReleaseNotes/OpenSourceReleaseNotes4.5.1j/ Advisories SugarReleaseNotes4.5.1j.2.6.html Bug 20522 http://dl.sugarforge.org/sugarcrm/SugarCE5.0Latest/SugarCE5.0.0/...
sugarcrm-disclose.txt
SugarCRM Community Edition Local File Disclosure Vulnerability. Vendor Website: http://www.sugarcrm.com Affected Version: SugarCRM Community Edition 4.5.1, SugarCRM Community Edition 5.0.0. Public...