Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.

NVD

CVE-2016-0727

April 14, 2017 007admin Leave a comment

The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.

NVD

CVE-2016-3104

April 14, 2017 007admin Leave a comment

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.

007 Software

Vuln: IBM Marketing Platform CVE-2016-0228 Open Redirect Vulnerability

Vuln: Juniper NorthStar Controller Application CVE-2017-2318 Remote Privilege Escalation Vulnerability

Vuln: IBM API Connect CVE-2017-1161 Command Execution Vulnerability

Vuln: LibreOffice CVE-2017-7870 Heap Buffer Overflow Vulnerability

Newly Leaked Hacking Tools Were Worth $2 Million On The Gray Market

Latest Dump of Alleged NSA Tools Is 'The Worst Thing Since Snowden'

Persistent Cross-Site Scripting in Scriptler Jenkins Plugin

CVE-2016-1713

CVE-2016-0727

CVE-2016-3104

Software and Security Information