638 matches found
CVE-2007-3599
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission...
CVE-2007-3598
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...
CVE-2007-3601
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a 1 home page or 2 event list view...
FreeBSD : vtiger -- multiple remote file inclusion vulnerabilities (2c8a84d9-5bee-11db-a5ae-00508d6a62df)
Dedi Dwianto a.k.a theday reports : Input passed to the '$calpath' parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
CVE-2006-5289
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to 1 modules/Calendar/admin/update.php, 2 modules/Calendar/admin/scheme.php, or 3 modules/Calendar/calendar.php...
CVE-2006-5289
Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to 1 modules/Calendar/admin/update.php, 2 modules/Calendar/admin/scheme.php, or 3 modules/Calendar/calendar.php...
CVE-2006-5289
Vulnerability summary (CVE-2006-5289): Vtiger CRM 4.2 and earlier is affected by multiple PHP remote file inclusion flaws in the Calendar module (calpath parameter) affecting update.php, scheme.php, and calendar.php. The underlying issue is unsafely handling calpath, allowing an attacker to suppl...
[ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability
ECHOADV54$2006 ----------------------------------------------------------------------------------------------- ECHOADV54$2006vtiger CRM =4.2 calpath Multiple Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------------- Author ...
vtiger CRM <= 4.2 (calpath) Multiple Remote File Include Vulnerabilities
No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV54$2006 ----------------------------------------------------------------------------------------------- ECHOADV54$2006vtiger CRM =4.2 calpath Multiple Remote File Inclusion...
vtiger CRM <= 4.2 (calpath) Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ======================================================================== vtiger CRM = 4.2 calpath Multiple Remote File Include Vulnerabilities ======================================================================== \ /\ \ / | \ \ | / \ //...
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusions
\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV54$2006 ----------------------------------------------------------------------------------------------- ECHOADV54$2006vtiger CRM =4.2 calpath Multiple Remote File Inclusion Vulnerability...
vTiger CRM 4.2 - calpath Multiple Remote File Inclusions
vTiger CRM 4.2 - calpath Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV54$2006 ----------------------------------------------------------------------------------------------- ECHOADV54$2006vtiger CRM =4.2 calpath Multiple...
vtiger -- multiple remote file inclusion vulnerabilities
Dedi Dwianto a.k.a theday reports: Input passed to the "$calpath" parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources...
vtiger CRM 5 Beta Remote File Include Vulnerability
!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : vtiger CRM 5 Beta Remote File Include Vulnerability -------------------------------------------------------------------------------- Author: CrackersChild cont@ct:...
CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder...
CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder...
CVE-2006-4617
The CVE-2006-4617 entry documents an unrestricted file upload vulnerability in vtiger CRM 4.2.4 (and possibly earlier). The flaw is triggered via fileupload.html, permitting remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails directory. The associ...
CVE-2006-4587
Multiple cross-site scripting XSS vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 description parameter in unspecified modules or the 2 solution parameter in the HelpDesk module...
CVE-2006-4588
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module...
CVE-2006-4588
vtiger CRM 4.2.4 (and possibly earlier) contains an authentication-bypass vulnerability that lets remote attackers access administrative modules by issuing a direct request to index.php with a modified module parameter, demonstrated via the Settings module. Root cause: improper validation of the ...