9 matches found
EUVD-2017-15034
Malware in sbrugna...
EUVD-2017-15035
Malware in sbrugna...
Sitecore CRM Code Execution Vulnerability
Sitecore CRM is a suite of customer relationship management solutions from Sitecore Denmark. A code execution vulnerability exists in the Package Manager in Sitecore CRM version 8.1 Rev 151207. A remote attacker can exploit this vulnerability by creating a ZIP archive file to execute arbitrary AS...
Code injection
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload...
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload...
Path traversal
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter...
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload...
CVE-2017-5965
The CVE-2017-5965 vulnerability affects Sitecore CRM 8.1 Rev 151207. The package manager allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive that contains a .asp file with a ..\ in its pathname, uploading it via sitecore/shell/applications/install/di...
CVE-2017-5966
CVE-2017-5966 affects Sitecore CRM 8.1 Rev 151207. The vulnerability is an absolute path traversal in sitecore/shell/download.aspx (parameter: file) that allows remote authenticated administrators to read arbitrary files. Root cause is improper validation of the file parameter in the download end...