SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
1a98da7144e660a3accb44aab022cd43453f7c51263930ef13a00ccd4a03cb51
SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
b5ea2947c8c691e63cd8b15a2ad9c1ce3e6371ed8f9cad785fad1655ff9e56d0
SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
dd7c80c6120e1805c1954e5087e5f215c67a081881bc8f20fcaa86bfed40b75e
SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
b0d6c09a780b84f51c2d8a829a8cad6ddf0b80bf8cd8641bb49a73cc3e3ff170
SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.
d8bf3667bba05f07cd81eeb7dfd0728907f68ad4f68d3142091238587292b06e
Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.
01b433ea9ea8a8bfd60a02085deff0d6671bc1935cc0aafe2a78128162522f37
CakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.
6e2e864c04d0c6c4360fa94fcb1ed1542e92335d6934e0804e1d0d0100ff489d
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.
84f13b541beeab5027a0a0d132f9bddd2aec51f57b18ea61539b18dec408924d
Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability.
eee59dc36374f91dced40b4ea48194596072b837658dfbeccc53d0849c0265bd
ATutor versions 2.2 and below suffer from a remote php code injection vulnerability.
d68f51a39b755fe477331334371a85a9867f5564885f7740eefbf41a2c9a3341
ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.
3f019a580730a65969fb1ee296eee1f664af50dc8c239571889044cbaa6c68b0
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.
fbaac07ae5c801f3305296ae4796cdbada7788e75ace0989665efa6ffddd79c9
ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.
bfe91d27b6015c2947337a14fd42a2923a402b9ed2d98972883b08ff15515b82
Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.
fc7990f532774d8eb7b6c58646a4184c066856b3fb99521ec6baa6859a83e854
Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.
09135e38d13882eebea77629d624025c3928967909de59178c537978dfc7e7ac
Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.
5a6ef1506e51dfe8f5c743d4ac107de78835ad514c929a0dbd4c1e19c02acdda
Concrete5 versions 5.7.3.1 and below suffers from a sendmail-related remote code execution vulnerability.
2738129737c2ca9db8afcb24d75b7688377742b1d8ad9da2b2e8397c4bd6faed
Open Letters remote PHP code injection exploit.
5b55b8dec7032e9a0c9a5a10c5e92faa1e847ea73b757f2e6b21d10d4274b5e0
This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.
7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919
Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.
80e097e61c3144721b95a38213e7b0f3f782bac6d90fcd41c8baf29fdbab0249
GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.
08abfc94e71de2ed8b547ff31a3d88150accaa5198692c3c78a8a9486fd32308
Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.
5123adecd54a72a557dfcb5fa13fb9a040dc8f7303ed28a65d028c74cd29df24
Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability.
540c5a7d1919e55e0e1b5450e86af76917b39fa680c1edfea9aecdb3e4c5c065
Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability.
825d51702a5b5cff864eca84c0ff288307cf0918b165529a013cccb1666471cd
Osclass versions 3.4.2 and below suffer from a remote SQL injection vulnerability.
feb708538ef7cc58e421b2def7ebaeb3f6f71a708040f56f501d7b1cde85fc88