[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] [CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack
From: pnig0spnig0s <pnigos@xxxxxxxx>
Date: Tue, 17 Jun 2014 23:48:18 +0000

Product:SugarCRM
Description:SugarCRM enables businesses to create extraordinary customer 
relationships with the most innovative and affordable CRM solution in the 
market.
Version affected:v6.5.16 and less
Type:XML External Entity Attack
Consequence:Arbitrary Local File Read&Potential RCE
Vulnerability Details:http://www.pnigos.com/?p=294Fix Released:This bug has 
fixed in v6.5.17
Bug was found by pnig0s @ FreeBuf.Com
==================================================
Best Regards,pnig0s                                       

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Vulnerabilities in CDVI ACAC22 [2-Door Controller]
Next by Date: Re: [FD] Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities
Previous by thread: [FD] Vulnerabilities in CDVI ACAC22 [2-Door Controller]
Next by thread: [FD] XSS on Dell Site
Index(es):
- Date
- Thread