Roxy Fileman version 1.4.5 suffers from remote file upload and directory traversal vulnerabilities.
Ox App Suite versions 7.8.4 and 7.8.3 suffer from cross site scripting, cross site request forgery, and information disclosure vulnerabilities.
Ajera Timesheets versions 9.10.16 and below suffer from a deserialization of untrusted data vulnerability.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability.
Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker…
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the “Save” action of…
Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the “__externalobjid” GET parameter…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the ‘labels_’ parameters is not properly sanitized before…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the “trigger_event” parameter is not properly sanitized before being used to…
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the “webhook_target_module” parameter is not properly sanitized before being used to save…