SugarCRM 0-day Auth Bypass + RCE Exploit

Read Time:22 Second

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:”SugarCRM”+inurl:index.php
# https://www.shodan.io/search?query=http.title:”SugarCRM"
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:”SugarCRM"
#…

USN-7179-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...

December 20, 2024

USN-7173-2: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...

December 20, 2024

swiftlint-0.57.1-1.fc42

FEDORA-2024-87d30b4fbf Packages in this update: swiftlint-0.57.1-1.fc42 Update description: Automatic update for swiftlint-0.57.1-1.fc42. Changelog * Fri Dec 20 2024 Davide Cavalca...

December 20, 2024

USN-7166-3: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

December 20, 2024

USN-7159-4: Linux kernel (IoT) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

December 20, 2024

chromium-131.0.6778.204-1.el10_0

FEDORA-EPEL-2024-b98ed0b39c Packages in this update: chromium-131.0.6778.204-1.el10_0 Update description: Update to 131.0.6778.204 High CVE-2024-12692: Type Confusion in V8 High CVE-2024-12693: Out...

December 20, 2024

Friday Squid Blogging: Squid Sticker

Italy’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT Probe

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

LockBit Admins Tease a New Ransomware Version

Webcams and DVRs Vulnerable to HiatusRAT, FBI Warns

CISA Urges Encrypted Messaging After Salt Typhoon Hack

Ransomware Attackers Target Industries with Low Downtime Tolerance

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

US Organizations Still Using Kaspersky Products Despite Ban

SugarCRM 0-day Auth Bypass + RCE Exploit

USN-7179-1: Linux kernel vulnerabilities

USN-7173-2: Linux kernel vulnerabilities

swiftlint-0.57.1-1.fc42

USN-7166-3: Linux kernel (HWE) vulnerabilities

USN-7159-4: Linux kernel (IoT) vulnerabilities

chromium-131.0.6778.204-1.el10_0