exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Small CRM 1.0 SQL Injection
Posted Jun 6, 2024
Authored by Furkan Eren Tetik

Small CRM version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | b28b7c8f0127bb7241844c226808ff4819e91f0a3f1cd46bc893d8a250420809

Related Files

Ubuntu Security Notice USN-1924-2
Posted Aug 7, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary, local, javascript, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2013-1704, CVE-2013-1705, CVE-2013-1708, CVE-2013-1709, CVE-2013-1710, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717
SHA-256 | d5607d8e20cc440391ba757e7d3496cd61fbee9d67917085c9b5c5ebf59e0da4
vtiger CRM 5.4.0 Authentication Bypass
Posted Aug 2, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.

tags | advisory, bypass
advisories | CVE-2013-3215
SHA-256 | 4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da
vtiger CRM 5.4.0 SQL Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.

tags | advisory, remote, php, vulnerability, sql injection
advisories | CVE-2013-3213
SHA-256 | 0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9ee
vtiger CRM 5.40 Local File Inclusion
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.

tags | advisory, local, php, vulnerability, file inclusion
advisories | CVE-2013-3212
SHA-256 | 29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1f
vtiger CRM 5.4.0 PHP Code Injection
Posted Aug 1, 2013
Authored by EgiX | Site karmainsecurity.com

vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.

tags | advisory, remote, php
advisories | CVE-2013-3214
SHA-256 | 815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269b
Janissaries Joomla Civicrm Shell Upload
Posted Apr 22, 2013
Authored by miyachung

Janissaries Joomla Civicrm component exploitation tool that uploads a shell.

tags | exploit, shell
SHA-256 | a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a
Secunia Security Advisory 51891
Posted Jan 17, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and cause a DoS (Denial of Service) and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | e6ce648f43d8f065aafc7e50c045089d592c26bcfd2fc4af9fabdf0db3b4ae87
Secunia Security Advisory 51305
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the vTiger CRM Lead Capture plugin for WordPress.

tags | advisory
SHA-256 | af6100980a657ab2be4242a638cc1762fcac2ba01f0da77b382f770a51e40fdb
Secunia Security Advisory 51229
Posted Nov 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | d4ae4124a4cdc1cab017118ad5c53fdb91d9af3debd714751afe1903d7b7c8f3
Drupal Webform CiviCRM Integration 7.x Access Bypass
Posted Nov 8, 2012
Authored by Coleman Watts | Site drupal.org

Drupal Webform CiviCRM Integration third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | b76b03e4b8ce8562a35fd0ad76b0df92b97e07f3fb7533e3042532c7b5bb2f1a
Secunia Security Advisory 51058
Posted Oct 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 0e8002d56d3f0652391c5b00efd5db29110678b5fa276fc5381642b840c67d6a
Secunia Security Advisory 51002
Posted Oct 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users and malicious people to disclose certain sensitive information.

tags | advisory, vulnerability
SHA-256 | ea805e89d6ceff73c563a3185a75e710e47041c4e6f05c04f1021de36eeac293
Secunia Security Advisory 50384
Posted Sep 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Brendan Coles has discovered a weakness and some vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and conduct SQL injection attacks and by malicious people to disclose certain system information.

tags | advisory, vulnerability, sql injection
SHA-256 | a946df528af1f95f6c5b99df6b75b0ee1890dd4a3fbc2e5a912e605c4e71e8ce
Joomla 1.7 / 2.5 Civicrm Arbitrary File Upload
Posted Aug 22, 2012
Authored by Crim3R

Joomla versions 1.7 and 2.5 suffers from an arbitrary file upload vulnerability in the Civicrm component.

tags | exploit, arbitrary, file upload
SHA-256 | 5409c8f69be1b43458970487fee32a18637708e439cd0869b6a54d62c9b6bb0e
Secunia Security Advisory 49952
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | e05d58092d12b1288b4ef3057ee5b9da421bbe48e5f3e35984b9e947e929d797
Secunia Security Advisory 49689
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324
SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
SugarCRM CE 6.3.1 PHP Code Execution
Posted Jun 25, 2012
Authored by EgiX

SugarCRM CE versions 6.3.1 and below suffer from an unserialize() PHP code execution vulnerability.

tags | exploit, php, code execution
advisories | CVE-2012-0694
SHA-256 | aab5a6efe1a4cde61efe9db861472c86ce178987dbf7a7fa592b500fdf1a7a17
Secunia Security Advisory 48876
Posted Apr 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | f9baa24af1906b6b48ad20e20b4060dcafdb991ba82ee5fca09cdde271130e3f
GroupWare epesiBIM CRM 1.2.1 Cross Site Scripting
Posted Apr 11, 2012
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

GroupWare epesiBIM CRM version 1.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c8547aac5f5cba34e71dc25c9a17b80bad80d40910df5ab397eefbfb9b3d332a
Dolibarr ERP & CRM 3 Post-Auth OS Command Injection
Posted Apr 10, 2012
Authored by Nahuel Grisolia, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.

tags | exploit, remote, arbitrary, php, code execution
SHA-256 | f473f9176eddcff3e9c592e1ef0bfc7d0a0e762392a39abfb965fb4ca8ee9b22
Dolibarr ERP / CRM OS Command Injection
Posted Apr 7, 2012
Authored by Nahuel Grisolia

Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.

tags | exploit
SHA-256 | 12cbccf9e032e58bbcfb558ce094025f740cd5c49cca609440f370009e6de991
Vtiger 5.1.0 Local File Inclusion
Posted Mar 21, 2012
Authored by Pi3rrot

Vtiger CRM version 5.1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 8e83c51a72f991a07299b08bbdf81235ef5012669b9869013fa6ec78756b144d
Secunia Security Advisory 47969
Posted Feb 10, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability-Lab has discovered a vulnerability in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 140e2461dfc9fe15e375b5a5ffca2b63969d8c558447c5d1db00c9c0252effed
Secunia Security Advisory 47621
Posted Jan 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious users to manipulate certain data.

tags | advisory
SHA-256 | 3ff3aace7089dcd1ac5051e9ff23333226fd8168c4ce507260d3c0eff95e0670
Page 1 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close