[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities

2016-06-24 Thread Egidio Romano
- SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities - [-] Software Link: http://www.sugarcrm.com/ [-] Affected Versions: Version 6.5.18 CE and prior versions. [-]

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities

2016-06-24 Thread Egidio Romano
-- SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities -- [-] Software Link: http://www.sugarcrm.com/ [-] Affected Versions: Version 6.5.18 CE and prior

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability

2016-06-24 Thread Egidio Romano
- SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability - [-] Software Link: http://www.sugarcrm.com/ [-] Affected

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability

2016-06-24 Thread Egidio Romano
-- SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability -- [-] Software Link: http://www.sugarcrm.com/ [-] Affected

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure

2016-06-24 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 > === title: XSS and information disclosure vulnerability product: ASUS DSL-N55U router vulnerable version: 3.0.0.4.376_2736

#146416 Ruby:HTTP Header injection in 'net/http'

2016-06-24 Thread redrain root
TIMELINE rootredrain submitted a report to Ruby. Jun 22nd Hi, I would like to report an HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers into a request and even create a new evil request. PoC require 'net/http' http =