Showing 1 - 1 of 1

CVE-2014-2268

Status Candidate

Overview

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.

Related Files

Vtiger Install Unauthenticated Remote Command Execution: Posted Apr 8, 2014; Authored by Jonathan Borgeaud | Site metasploit.com; This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. This Metasploit module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a session again.; tags | exploit, web, arbitrary; advisories | CVE-2014-2268; SHA-256 | 168b20b9f1430832a755c5282b7d87e702796d3a8ede2140bfc9bf4996352b16; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 174 files
Ubuntu 100 files
indoushka 86 files
Debian 23 files
nu11secur1ty 19 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
Apple 6 files
EgiX 5 files

File Archives

Systems

AIX (428)
Apple (2,009)
BSD (373)
CentOS (57)
Cisco (1,925)
Debian (6,842)
Fedora (1,692)
FreeBSD (1,244)
Gentoo (4,329)
HPUX (879)
iOS (353)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,806)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,915)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,935)
UNIX (9,311)
UnixWare (186)
Windows (6,587)
Other

CVE-2014-2268

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems