Deserialization of Untrusted Data
Overview: tendenci is Tendenci - The Open Source Association Management System (AMS). Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runreport function in the helpdesk module. An attacker can execute arbitrary code with the privileges of the applicatio...
GHSA-339M-4QW5-J2G3 Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in the Tendenci Helpdesk module (NOTE: by default, Helpdesk is NOT enabled), affecting version 15.3.11 and earlier. This vulnerability allows remote code execution (RCE) by an authenticated user with staff security level due to using Python's pickle...
PT-2026-3886
Name of the Vulnerable Software and Affected Versions: Tendenci versions 15.3.11 and earlier. Description: Tendenci, an open source content management system, has a critical deserialization issue in the Helpdesk module. An authenticated user with staff security level can achieve Remote Code Executio...
EUVD-2019-5468
Malware in sbrugna...
CVE-2019-14221
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...
Cross-site scripting
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation...
CVE-2019-14221
1CRM On-Premise Software 8.5.7 is affected by a Cross-Site Scripting vulnerability triggered by a payload mishandled during a Run Report operation. The issue is described across CVE-2019-14221 entries (NVD, RH, CNVD, PRION) as XSS, with some references labeling it stored/persistent. Public disclo...
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting. 1CRM On-Premise Software 8.5.7 Stored XSS. Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting. Date: 19/07/2019. Exploit Author: Kus...
Quest KACE System Management Appliance SQL Injection Vulnerability
Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A SQL injection vulnerability exists in the '/common/runreport.php' script in version 8.0.318 of the Quest KACE System Management Appliance, which stems from the program not filtering incoming...
SQL injection
The 'reportID' parameter received by the '/common/runreport.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection, in particular an error-based type...
DEBIAN-CVE-2012-3866
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...