
Files

Stark CRM 1.0 Script Injection / Session Riding
Posted Feb 21, 2014
Authored by LiquidWorm | Site zeroscience.mk

Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site, and/or to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, web, arbitrary, vulnerability, xss, csrf
MD5 | 0255123458b0d31838c6436467fd1367

Related Files

Ubuntu Security Notice USN-1924-2
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some JavaScript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, local, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
MD5 | 648ad9664d024d837cfaa2d628f25ba2

vtiger CRM 5.4.0 Authentication Bypass
Posted Aug 2, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass
advisories | CVE-2013-3215
MD5 | 9b6cd45b8617951a38992ce83060d4f9

vtiger CRM 5.4.0 SQL Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.

tags | advisory, remote, php, vulnerability, sql injection
advisories | CVE-2013-3213
MD5 | eb32d02840c7bb5f58ecf7cb422e4385

vtiger CRM 5.40 Local File Inclusion
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.

tags | advisory, local, php, vulnerability, file inclusion
advisories | CVE-2013-3212
MD5 | 18163b8839c6d56e9596ac59ca76520f

vtiger CRM 5.4.0 PHP Code Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.

tags | advisory, remote, php
advisories | CVE-2013-3214
MD5 | 481c4427aba2d75b6cdfa78f0bb910cf

Janissaries Joomla Civicrm Shell Upload
Posted Apr 22, 2013
Authored by miyachung

Janissaries Joomla Civicrm component exploitation tool that uploads a shell.

tags | exploit, shell
MD5 | b8236f495a037eb3efd5b064859f840e

Secunia Security Advisory 51891
Posted Jan 17, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and cause a DoS (Denial of Service) and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 332d92ca62d8e42c897cbf4d043b8efc

Secunia Security Advisory 51305
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the vTiger CRM Lead Capture plugin for WordPress.

tags | advisory
MD5 | ba671a5927edb7b38ee5d1a34731d330

Secunia Security Advisory 51229
Posted Nov 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 18aaec596ae8aa4d44632a04fb84bdfd

Drupal Webform CiviCRM Integration 7.x Access Bypass
Posted Nov 8, 2012
Authored by Coleman Watts | Site drupal.org

Drupal Webform CiviCRM Integration third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
MD5 | e6312abeaf2d7e5b7f02dd814102d61c

Secunia Security Advisory 51058
Posted Oct 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 48163250d6bdb05d7c7edf88632c4d31

Secunia Security Advisory 51002
Posted Oct 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users and malicious people to disclose certain sensitive information.

tags | advisory, vulnerability
MD5 | a12e8d326ada14a64c1cbcecfdea4f71

Secunia Security Advisory 50384
Posted Sep 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Brendan Coles has discovered a weakness and some vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and conduct SQL injection attacks and by malicious people to disclose certain system information.

tags | advisory, vulnerability, sql injection
MD5 | 76639bf80d17f6e905a14a4ccd35724e

Joomla 1.7 / 2.5 Civicrm Arbitrary File Upload
Posted Aug 22, 2012
Authored by Crim3R

Joomla versions 1.7 and 2.5 suffer from an arbitrary file upload vulnerability in the Civicrm component.

tags | exploit, arbitrary, file upload
MD5 | 57debf2857533527bfe0aba9b7abcbf9

Secunia Security Advisory 49952
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
MD5 | 80e4c1c959285fb5996b9f303a47095c

Secunia Security Advisory 49689
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
MD5 | 00036361e1d5b056ba4e8bb3efb3b8b7

SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user-controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
MD5 | 7d01dafa74c844c1735769142b67e3ac

SugarCRM CE 6.3.1 PHP Code Execution
Posted Jun 25, 2012
Authored by EgiX

SugarCRM CE versions 6.3.1 and below suffer from an unserialize() PHP code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2012-0694
MD5 | 4e1ff130d3e0520df25511c645de85f6

Secunia Security Advisory 48876
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious people to manipulate certain data.

tags | advisory
MD5 | bdfcace6585402253a8115f36117e3eb

GroupWare epesiBIM CRM 1.2.1 Cross Site Scripting
Posted Apr 11, 2012
Authored by Chokri Ben Achor | Site vulnerability-lab.com

GroupWare epesiBIM CRM version 1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 2663bd6db7609e1cf3448329ff2e3322

Dolibarr ERP & CRM 3 Post-Auth OS Command Injection
Posted Apr 10, 2012
Site metasploit.com

This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.

tags | exploit, remote, arbitrary, php, code execution
MD5 | fa49f4753274e7498df1af82f42e4c55

Dolibarr ERP / CRM OS Command Injection
Posted Apr 7, 2012
Authored by Nahuel Grisolia

Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.

tags | exploit
MD5 | 69391022314ccae020b8c458c2916a18

Vtiger 5.1.0 Local File Inclusion
Posted Mar 21, 2012
Authored by Pi3rrot

Vtiger CRM version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 2499917aff0e59469f022e7bbc2e9c4e

Secunia Security Advisory 47969
Posted Feb 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability-Lab has discovered a vulnerability in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 7de3cee756e827b4c616b2e8fb5e46a2

Secunia Security Advisory 47621
Posted Jan 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious users to manipulate certain data.

tags | advisory
MD5 | f8c84e46fd0d1009061c0c4570faed08
© 2016 Packet Storm. All rights reserved.
