Showing 1 - 1 of 1

CVE-2014-2268

Status Candidate

Overview

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.

Related Files

Vtiger Install Unauthenticated Remote Command Execution: Posted Apr 8, 2014; Authored by Jonathan Borgeaud | Site metasploit.com; This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. This Metasploit module is set to ManualRanking due to this module overwriting the target database configuration, which may result in a broken web app, and you may not be able to get a session again.; tags | exploit, web, arbitrary; advisories | CVE-2014-2268; SHA-256 | 168b20b9f1430832a755c5282b7d87e702796d3a8ede2140bfc9bf4996352b16; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 373 files
Ubuntu 80 files
Debian 32 files
Gentoo 25 files
tmrswrr 9 files
R0ckE7 5 files
Ph0s 5 files
Rahad Chowdhury 4 files
Google Security Research 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,910)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,775)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,574)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,117)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

CVE-2014-2268

Overview

Related Files

File Archive:

November 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems