Lucene search
K

638 matches found

Packet Storm
Packet Storm
added 2010/05/22 12:0 a.m.17 views

vtiger CRM 5.2.0 Cross Site Request Forgery

!--========================================================================================================= //\ /\ /\ /\ /\ /\ ///\ //\ /\ /\///\ // \ // //\ \ / //\ \ / // //\ \ /\\ \ \ \ / / / / // \ \ // // // // \ // //\ \\ \ // /// \ \ / \ / // / // / / / / / \ \ / / / ...

0.5AI score
Exploits0
NVD
NVD
added 2009/09/18 9:30 p.m.14 views

CVE-2009-3257

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the 1 Account Billing Address and 2 Shipping Address fields in a profile by creating a Sales Order SO associated with that profile...

3.6CVSS6.2AI score0.00864EPSS
Exploits1References2
Prion
Prion
added 2009/09/18 9:30 p.m.17 views

Code injection

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete 1 attachments, 2 reports, 3 filters, 4 views, and 5 tickets; insert 6 attachments, 7 reports, 8 filters, 9 views, and 10 tickets; and edit 11 reports, 12 filters, 13 views, and 14 tickets via...

9CVSS6.8AI score0.01726EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2009/09/18 9:30 p.m.12 views

Design/Logic Flaw

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the 1 Account Billing Address and 2 Shipping Address fields in a profile by creating a Sales Order SO associated with that profile...

3.6CVSS6.8AI score0.00864EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2009/09/18 9:30 p.m.13 views

CVE-2009-3258

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete 1 attachments, 2 reports, 3 filters, 4 views, and 5 tickets; insert 6 attachments, 7 reports, 8 filters, 9 views, and 10 tickets; and edit 11 reports, 12 filters, 13 views, and 14 tickets via...

9CVSS6.3AI score0.01726EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/09/18 9:0 p.m.18 views

CVE-2009-3257

vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the 1 Account Billing Address and 2 Shipping Address fields in a profile by creating a Sales Order SO associated with that profile...

6.2AI score0.00864EPSS
Exploits1References2
Cvelist
Cvelist
added 2009/09/18 9:0 p.m.19 views

CVE-2009-3258

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete 1 attachments, 2 reports, 3 filters, 4 views, and 5 tickets; insert 6 attachments, 7 reports, 8 filters, 9 views, and 10 tickets; and edit 11 reports, 12 filters, 13 views, and 14 tickets via...

6.3AI score0.01726EPSS
Exploits0References4
CVE
CVE
added 2009/09/18 9:0 p.m.43 views

CVE-2009-3258

vtiger CRM prior to version 5.1.0 is affected. Remote authenticated users with certain View privileges can perform a range of actions, including deleting (attachments, reports, filters, views, tickets), inserting (attachments, reports, filters, views, tickets), and editing (reports, filters, view...

9CVSS6.3AI score0.01726EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2009/09/18 9:0 p.m.55 views

CVE-2009-3257

CVE-2009-3257 in vtiger CRM affects vtiger CRM before 5.1.0. The vulnerability arises when remote authenticated users can bypass permissions on profile fields (Account Billing Address and Shipping Address) by creating a Sales Order associated with that profile. The description implies a permissio...

3.6CVSS6.3AI score0.00864EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2009/09/18 8:30 p.m.11 views

Design/Logic Flaw

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

9CVSS7.8AI score0.10932EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2009/09/18 8:30 p.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...

6.8CVSS7.6AI score0.01258EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2009/09/18 8:30 p.m.19 views

CVE-2009-3251

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the 1 visibility, 2 location, and 3 recurrence fields of a calendar via a custom view...

4CVSS6.1AI score0.01028EPSS
Exploits0References4
Prion
Prion
added 2009/09/18 8:30 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the querystring vector is already covered by CVE-2008-3101.3...

4.3CVSS5.9AI score0.03768EPSS
Exploits4References7Affected Software1
Prion
Prion
added 2009/09/18 8:30 p.m.21 views

Directory traversal

Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the module parameter to graph.php; or the 2 module or 3 file parameter to include/Ajax/CommonAjax.php, reachable through...

7.5CVSS7.4AI score0.09592EPSS
Exploits7References9Affected Software1
NVD
NVD
added 2009/09/18 8:30 p.m.22 views

CVE-2009-3248

Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...

6.8CVSS7.1AI score0.01258EPSS
Exploits1References8
Prion
Prion
added 2009/09/18 8:30 p.m.17 views

Design/Logic Flaw

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the 1 visibility, 2 location, and 3 recurrence fields of a calendar via a custom view...

4CVSS6.6AI score0.01028EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2009/09/18 8:30 p.m.22 views

CVE-2009-3247

Cross-site scripting XSS vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the querystring vector is already covered by CVE-2008-3101.3...

4.3CVSS5.5AI score0.0346EPSS
Exploits1References7
NVD
NVD
added 2009/09/18 8:30 p.m.31 views

CVE-2009-3249

Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the module parameter to graph.php; or the 2 module or 3 file parameter to include/Ajax/CommonAjax.php, reachable through...

7.5CVSS6.9AI score0.09592EPSS
Exploits7References9
Cvelist
Cvelist
added 2009/09/18 8:0 p.m.24 views

CVE-2009-3248

Cross-site request forgery CSRF vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php...

7.1AI score0.01258EPSS
Exploits1References8
Cvelist
Cvelist
added 2009/09/18 8:0 p.m.24 views

CVE-2009-3250

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in 1 .php in installations based on certain Apache HTTP Server configurations, 2...

7.3AI score0.10932EPSS
Exploits1References8
Rows per page
Query Builder