Showing 1 - 25 of 100

Files

Dolibarr ERP / CRM 13.0.2 Remote Code Execution
Posted Nov 10, 2021
Authored by Nick Decker | Site trovent.io

Dolibarr ERP and CRM version 13.0.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-33816
SHA-256 | 0dd7e4e38cc6c0c22d88da8c1315ae0c0f36dd8f9385afa1c3a2edd42c937216

Related Files

Ubuntu Security Notice USN-1924-2
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some JavaScript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, local, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | d5607d8e20cc440391ba757e7d3496cd61fbee9d67917085c9b5c5ebf59e0da4

vtiger CRM 5.4.0 Authentication Bypass
Posted Aug 2, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass
advisories | CVE-2013-3215
SHA-256 | 4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da

vtiger CRM 5.4.0 SQL Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.

tags | advisory, remote, php, vulnerability, sql injection
advisories | CVE-2013-3213
SHA-256 | 0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9ee

vtiger CRM 5.40 Local File Inclusion
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.

tags | advisory, local, php, vulnerability, file inclusion
advisories | CVE-2013-3212
SHA-256 | 29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1f

vtiger CRM 5.4.0 PHP Code Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.

tags | advisory, remote, php
advisories | CVE-2013-3214
SHA-256 | 815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269b

Janissaries Joomla Civicrm Shell Upload
Posted Apr 22, 2013
Authored by miyachung

Janissaries Joomla Civicrm component exploitation tool that uploads a shell.

tags | exploit, shell
SHA-256 | a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a

Secunia Security Advisory 51891
Posted Jan 17, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and cause a DoS (Denial of Service) and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | e6ce648f43d8f065aafc7e50c045089d592c26bcfd2fc4af9fabdf0db3b4ae87

Secunia Security Advisory 51305
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the vTiger CRM Lead Capture plugin for WordPress.

tags | advisory
SHA-256 | af6100980a657ab2be4242a638cc1762fcac2ba01f0da77b382f770a51e40fdb

Secunia Security Advisory 51229
Posted Nov 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | d4ae4124a4cdc1cab017118ad5c53fdb91d9af3debd714751afe1903d7b7c8f3

Drupal Webform CiviCRM Integration 7.x Access Bypass
Posted Nov 8, 2012
Authored by Coleman Watts | Site drupal.org

Drupal Webform CiviCRM Integration third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b76b03e4b8ce8562a35fd0ad76b0df92b97e07f3fb7533e3042532c7b5bb2f1a

Secunia Security Advisory 51058
Posted Oct 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 0e8002d56d3f0652391c5b00efd5db29110678b5fa276fc5381642b840c67d6a

Secunia Security Advisory 51002
Posted Oct 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users and malicious people to disclose certain sensitive information.

tags | advisory, vulnerability
SHA-256 | ea805e89d6ceff73c563a3185a75e710e47041c4e6f05c04f1021de36eeac293

Secunia Security Advisory 50384
Posted Sep 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Brendan Coles has discovered a weakness and some vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and conduct SQL injection attacks and by malicious people to disclose certain system information.

tags | advisory, vulnerability, sql injection
SHA-256 | a946df528af1f95f6c5b99df6b75b0ee1890dd4a3fbc2e5a912e605c4e71e8ce

Joomla 1.7 / 2.5 Civicrm Arbitrary File Upload
Posted Aug 22, 2012
Authored by Crim3R

Joomla versions 1.7 and 2.5 suffer from an arbitrary file upload vulnerability in the Civicrm component.

tags | exploit, arbitrary, file upload
SHA-256 | 5409c8f69be1b43458970487fee32a18637708e439cd0869b6a54d62c9b6bb0e

Secunia Security Advisory 49952
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | e05d58092d12b1288b4ef3057ee5b9da421bbe48e5f3e35984b9e947e929d797

Secunia Security Advisory 49689
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324

SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user-controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d

SugarCRM CE 6.3.1 PHP Code Execution
Posted Jun 25, 2012
Authored by EgiX

SugarCRM CE versions 6.3.1 and below suffer from an unserialize() PHP code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2012-0694
SHA-256 | aab5a6efe1a4cde61efe9db861472c86ce178987dbf7a7fa592b500fdf1a7a17

Secunia Security Advisory 48876
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | f9baa24af1906b6b48ad20e20b4060dcafdb991ba82ee5fca09cdde271130e3f

GroupWare epesiBIM CRM 1.2.1 Cross Site Scripting
Posted Apr 11, 2012
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

GroupWare epesiBIM CRM version 1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c8547aac5f5cba34e71dc25c9a17b80bad80d40910df5ab397eefbfb9b3d332a

Dolibarr ERP & CRM 3 Post-Auth OS Command Injection
Posted Apr 10, 2012
Authored by Nahuel Grisolia, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | f473f9176eddcff3e9c592e1ef0bfc7d0a0e762392a39abfb965fb4ca8ee9b22

Dolibarr ERP / CRM OS Command Injection
Posted Apr 7, 2012
Authored by Nahuel Grisolia

Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.

tags | exploit
SHA-256 | 12cbccf9e032e58bbcfb558ce094025f740cd5c49cca609440f370009e6de991

Vtiger 5.1.0 Local File Inclusion
Posted Mar 21, 2012
Authored by Pi3rrot

Vtiger CRM version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 8e83c51a72f991a07299b08bbdf81235ef5012669b9869013fa6ec78756b144d

Secunia Security Advisory 47969
Posted Feb 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability-Lab has discovered a vulnerability in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 140e2461dfc9fe15e375b5a5ffca2b63969d8c558447c5d1db00c9c0252effed

Secunia Security Advisory 47621
Posted Jan 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious users to manipulate certain data.

tags | advisory
SHA-256 | 3ff3aace7089dcd1ac5051e9ff23333226fd8168c4ce507260d3c0eff95e0670
© 2022 Packet Storm. All rights reserved.