CVE-2006-4587
The CVE-2006-4587 entry documents multiple XSS flaws in vtiger CRM 4.2.4 (and possibly earlier) that allow remote attackers to inject arbitrary scripts via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. The NVD data lists a CVSS v2 base ...
CVE-2006-4588
vtiger CRM 4.2.4 (and possibly earlier) contains an authentication-bypass vulnerability that lets remote attackers access administrative modules by issuing a direct request to index.php with a modified module parameter, demonstrated via the Settings module. Root cause: improper validation of the ...
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module...
[SA21728] vtiger CRM Script Insertion and Administrative Modules Access
TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: From remote SOFTWARE: vtiger CRM 4.x...
Vtiger < 4.5 Alpha 2 Multiple Vulnerabilities - Active Check
Vtiger is prone to arbitrary code execution, directory traversal, SQL injection (SQLi) allowing authentication bypass and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by...
vTiger < 4.5a2 Multiple Vulnerabilities
The remote version of this software is prone to arbitrary code execution, directory traversal, SQL injection allowing authentication bypass, cross-site scripting attacks. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
SEC-20051125-0.txt
SEC-CONSULT Security Advisory ======================================================================= title: Even More Vulnerabilities in VTiger CRM program: vtiger CRM vulnerable version: 4.2 and earlier homepage: http://www.vtiger.com found: 2005-11-06 by: D. Fabian / SEC-CONSULT /...
Hardened-PHP Project Security Advisory 2005-23.105
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in vTiger CRM Release Date: 2005/11/24 Last Modified: 2005/11/24 Author: Christopher Kunz Application: vTiger 4.2 and prior Severity: Cross-Site...
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module f...
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) username and (2) date parameter in the HelpDesk module...
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name...
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module...
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action...
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads...
CVE-2005-3823
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...
CVE-2005-3823
CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...
CVE-2005-3818
The CVE-2005-3818 entry concerns vTiger CRM 4.2 and earlier, which has multiple XSS flaws that allow attacker-supplied HTML/JS via various input fields (including contact, lead, first/last name), the Leads module DetailView record parameter, $_SERVER['PHP_SELF'], and RSS fe...
CVE-2005-3821
CVE-2005-3821 is an XSS vulnerability affecting vTiger CRM 4.2 and earlier. The exposed component is the web application, with arbitrary script/HTML injection possible via multiple vectors, including the account name. Connected sources corroborate multiple VTiger-related advisories and OpenVAS/Ne...