638 matches found

exploitpack
added 2008/09/01 12:0 a.m. | 10 views

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30951/info vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

7 AI score
Exploits: 0
Exploit DB
added 2008/09/01 12:0 a.m. | 23 views

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30951/info vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits: 0
Prion
added 2008/08/04 7:41 p.m. | 12 views

Improper access control

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...

5 CVSS | 6.5 AI score | 0.02799 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
NVD
added 2008/08/04 7:41 p.m. | 16 views

CVE-2008-3458

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...

5 CVSS | 6.2 AI score | 0.02799 EPSS
Exploits: 1 | References: 7
CVE
added 2008/08/04 7:0 p.m. | 44 views

CVE-2008-3458

Vuln CVE-2008-3458 affects vTiger CRM prior to version 5.0.4. The issue is inadequate access control that stores sensitive information under the web root, enabling remote attackers to read mail merge templates by directly requesting the wordtemplatedownload directory. This is confirmed across mu...

5 CVSS | 6.2 AI score | 0.02799 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2008/08/04 7:0 p.m. | 17 views

CVE-2008-3458

Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory...

6.2 AI score | 0.02799 EPSS
Exploits: 1 | References: 7
Tenable Nessus
added 2008/01/28 12:0 a.m. | 62 views

vTiger CRM Directory File Disclosure

The remote instance of vTiger allows an unauthenticated attacker to view the contents of application directories, which could lead to the disclosure of sensitive information. Note that the solution does not prevent an attacker from retrieving files by guessing their names, only obtaining a...

5 CVSS | 5.5 AI score | 0.02799 EPSS
Exploits: 1 | References: 3
NVD
added 2007/07/06 7:30 p.m. | 14 views

CVE-2007-3604

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php...

4 CVSS | 6.4 AI score | 0.01077 EPSS
Exploits: 0 | References: 5
NVD
added 2007/07/06 7:30 p.m. | 14 views

CVE-2007-3603

SQL injection vulnerability in the dashboard include/utils/SearchUtils.php in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigneduserid parameter in a Potentials ListView action to index.php...

6.5 CVSS | 7.9 AI score | 0.01396 EPSS
Exploits: 0 | References: 5
NVD
added 2007/07/06 7:30 p.m. | 17 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

5.5 CVSS | 6.5 AI score | 0.00966 EPSS
Exploits: 0 | References: 4
Prion
added 2007/07/06 7:30 p.m. | 17 views

Design/Logic Flaw

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module...

4 CVSS | 7 AI score | 0.01776 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/07/06 7:30 p.m. | 12 views

Code injection

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin...

5.5 CVSS | 6.8 AI score | 0.0149 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2007/07/06 7:30 p.m. | 19 views

Sql injection

SQL injection vulnerability in the dashboard include/utils/SearchUtils.php in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigneduserid parameter in a Potentials ListView action to index.php...

6.5 CVSS | 8.6 AI score | 0.01396 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2007/07/06 7:30 p.m. | 14 views

CVE-2007-3600

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module...

4 CVSS | 6.5 AI score | 0.01776 EPSS
Exploits: 0 | References: 4
Prion
added 2007/07/06 7:30 p.m. | 22 views

Code injection

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

5.5 CVSS | 7 AI score | 0.00966 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2007/07/06 7:30 p.m. | 19 views

CVE-2007-3599

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission...

8.5 CVSS | 6 AI score | 0.01291 EPSS
Exploits: 0 | References: 3
NVD
added 2007/07/06 7:30 p.m. | 16 views

CVE-2007-3602

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin...

5.5 CVSS | 6.3 AI score | 0.0149 EPSS
Exploits: 0 | References: 4
NVD
added 2007/07/06 7:30 p.m. | 14 views

CVE-2007-3601

vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view...

2.1 CVSS | 6.1 AI score | 0.00842 EPSS
Exploits: 0 | References: 3
Prion
added 2007/07/06 7:30 p.m. | 20 views

Design/Logic Flaw

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php...

4 CVSS | 6.9 AI score | 0.01077 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2007/07/06 7:30 p.m. | 19 views

Code injection

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission...

8.5 CVSS | 6.6 AI score | 0.01291 EPSS
Exploits: 0 | References: 3 | Affected Software: 1