SugarCRM 6.5.18 PHP Code Injection
SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the ‘/public’ directory.
This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.
WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.
Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.
Tiki-Wiki CMS’s calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access.
Remote admin add cross site request forgery exploit for Quick.Cart.Ext versions 6.7 and below.
Dolibarr CRM versions prior to 3.9.1 suffer from a command injection vulnerability.
Getsimple CMS versions 3.3.10 and below suffer from a remote shell upload vulnerability.