Latest Security News about directory traversal

Contact us to Fix the issue

FiberHome HG2201T Pre-Auth RCE

Overview : FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Affected Product(s) : FiberHome HG2201T Vulnerability Details : CVE ID : CVE-2019-17187 Incorrect Access Control/Directory Traversal /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files. Solution : Apply the vendor Security Patch

Contact us to Fix the issue

SugarCRM security issues released

Overview : CVE-2019-17292 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. CVE-2019-17293 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. CVE-2019-17294 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function […]

Contact us to Fix the issue

Sugarcrm security issues released

Overview : CVE-2019-17292 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Inbox module by an Admin user. CVE-2019-17293 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmse_Project module by a Regular user. CVE-2019-17294 SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function […]