638 matches found
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2)...
CVE-2009-3251
include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view...
CVE-2009-3250
The CVE-2009-3250 issue affects vtiger CRM 5.0.4, where the saveForwardAttachments function in Compose Mail lets remote authenticated users execute arbitrary code by attaching a filename ending in .php (varying by Apache config/OS) and then requesting a path under storage/. The connected document...
CVE-2009-3249
CVE-2009-3249 pertains to vtiger CRM 5.0.4 and involves multiple directory traversal/remote file inclusion weaknesses. Technical details from the sources confirm: Vulnerabilities in graph.php via the module parameter and in include/Ajax/CommonAjax.php via module/file, reachable through modules li...
CVE-2009-3248
The CVE-2009-3248 entry describes a CSRF vulnerability in the vtiger CRM 5.0.4 RSS module. The flaw allows remote attackers to hijack the authentication of Admin users by crafting requests to index.php with the rssurl parameter in a Save action, enabling modification of the news feed system. The...
CVE-2009-3247
CVE-2009-3247: vtiger CRM 5.0.4 contains a cross-site scripting (XSS) vulnerability in the Activities module, exploitable via the action parameter to phprint.php. The issue’s impact is described as injecting arbitrary web script/HTML into user sessions, with the note that the query_string vector...
CVE-2009-3251
Summary: CVE-2009-3251 affects vtiger CRM prior to 5.1.0 in the file include/utils/ListViewUtils.php. The vulnerability allows remote authenticated users to bypass access restrictions and read calendar fields (visibility, location, recurrence) via a custom view. What’s affected: vtiger CRM (pre-5...
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM; Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions; Severity: Medium; Impact: CVSSv2 Medium 6/10, vector: AV:N/AC:M/Au:S/C:P/I:P/A:P; Vendor: http://www.vtigercrm.com; Advisory...
Vtiger CRM 5.0.4 (RCE/CSRF/LFI/XSS) Multiple Vulnerabilities
No description provided by source. Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM; Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions; Severity: Medium; Impact: CVSSv2 Medium 6/10, vector: AV:N/AC:M/Au:S/C:P/I:P/A:P; Vendor: http://www.vtigercrm.com...
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting. Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM; Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions; Severity: Medium; Impact: CVSSv2 Medium...
Vtiger CRM 5.0.4 (RCE/CSRF/LFI/XSS) Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Vtiger CRM 5.0.4 RCE/CSRF/LFI/XSS Multiple Vulnerabilities. Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple...
Vtiger CRM 5.0.4 Multiple Vulnerabilities
Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM; Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions; Severity: Medium; Impact: CVSSv2 Medium 6/10, vector: AV:N/AC:M/Au:S/C:P/I:P/A:P; Vendor: http://www.vtigercrm.com; Advisory...
Vtiger CRM 5.0.4 Code Execution / XSS / XSRF / LFI
Vtiger CRM 5.0.4 Multiple Vulnerabilities. Name: Multiple Vulnerabilities in Vtiger CRM; Systems Affected: Vtiger CRM 5.0.4 and possibly earlier versions; Severity: Medium; Impact: CVSSv2 Medium 6/10, vector: AV:N/AC:M/Au:S/C:P/I:P/A:P; Vendor: http://www.vtigercrm.com; Advisory...
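vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 30951 CVECAN ID: CVE-2008-3101 vtiger CRM is a web-based open-source customer relationship management system. vtiger CRM contains implementation flaws: remote attackers can carry out cross-site scripting attacks by submitting malicious authentication or query requests to multiple vtiger CRM modules. (1) When module is set to Users and action is set to Authenticate, index.php returns the input to the userpassword parameter to the user without properly validating it, which may lead to execution of arbitrary HTML and script code in the user's browser session. (2)...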
FreeBSD Ports: vtiger
The remote host is missing an update to the system as announced in the referenced advisory. VID 2c8a84d9-5bee-11db-a5ae-00508d6a62df OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: vtiger
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the userpassword parameter in an Authenticate action to th...
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the userpassword parameter in an Authenticate action to th...
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the userpassword parameter in an Authenticate action to th...
CVE-2008-3101
CVE-2008-3101 affects vtiger CRM 5.0.4. The vulnerability consists of multiple XSS flaws triggered by unvalidated input in index.php across three paths: (1) Products module, index action via the parenttab parameter; (2) Users module, Authenticate action via the user_password parameter; (3) Home m...