SugarCRM 0-day Auth Bypass + RCE Exploit

Read Time:22 Second

Posted by sw33t.0day via Fulldisclosure on Dec 30

#!/usr/bin/env python
#
# SugarCRM 0-day Auth Bypass + RCE Exploit
#
# Dorks:
# https://www.google.com/search?q=site:sugarondemand.com&filter=0
# https://www.google.com/search?q=intitle:”SugarCRM”+inurl:index.php
# https://www.shodan.io/search?query=http.title:”SugarCRM"
# https://search.censys.io/search?resource=hosts&q=services.http.response.html_title:”SugarCRM"
#…

cacti-1.2.30-1.el8 cacti-spine-1.2.30-1.el8

FEDORA-EPEL-2025-ba03a05138 Packages in this update: cacti-1.2.30-1.el8 cacti-spine-1.2.30-1.el8 Update description: Update cacti and cacti-spine to version 1.2.30. This includes the upstream...

April 15, 2025

cacti-1.2.30-1.el9 cacti-spine-1.2.30-1.el9

FEDORA-EPEL-2025-19d7286f00 Packages in this update: cacti-1.2.30-1.el9 cacti-spine-1.2.30-1.el9 Update description: Update cacti and cacti-spine to version 1.2.30. This includes the upstream...

April 15, 2025

USN-7437-1: CImg library vulnerabilities

It was discovered that the CImg library did not properly check the size of images before loading them. An attacker...

April 15, 2025

mujs-1.0.9-2.el8

FEDORA-EPEL-2025-141926b526 Packages in this update: mujs-1.0.9-2.el8 Update description: Backport upstream fix for CVE-2021-33796. https://nvd.nist.gov/vuln/detail/CVE-2021-33796 Read More

April 14, 2025