Vtiger CRM 5.4.0 (index.php, onlyforuser param) – SQL Injection
>> TAG: #exploit
Vtiger CRM 5.4.0 (index.php, onlyforuser param) – SQL Injection
Apple Security Advisory 2013-09-18-3 – Xcode 5.0 is now available and addresses a security issue in Git. When using the imap-send command, git did not verify that the server hostname matched a domain name in the X.509 certificate, which allowed a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. This issue was addressed by updating git to version 1.8.3.1.
Apple Security Advisory 2013-09-18-2 – iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.
McKesson ActiveX File/Environmental Variable Enumeration
Wordpress Plugin Complete Gallery Manager 3.3.3 – Arbitrary File Upload Vulnerability
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
Agnitum Outpost Internet Security Local Privilege Escalation
Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution
Router ONO Hitron CDE-30364 – CSRF Vulnerability