638 matches found
CVE-2005-3818
The CVE-2005-3818 entry concerns vTiger CRM 4.2 and earlier, which has multiple XSS flaws that allow attacker-supplied HTML/JS via various input fields (including contact, lead, first/last name), the Leads module DetailView record parameter, $_SERVER['PHP_SELF'], and RSS fe...
CVE-2005-3823
CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module...
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module f...
CVE-2005-3819
Summary: CVE-2005-3819 affects vtiger CRM up to version 4.2, with SQL injection vulnerabilities in the HelpDesk module that enable remote attackers to inject arbitrary SQL and bypass authentication via the (1) user_name and (2) date parameters. This is corroborated by multiple vulnerability feeds...
CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name...
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) username and (2) date parameter in the HelpDesk module...
CVE-2005-3822
CVE-2005-3822 affects vTiger CRM 4.2 and earlier, with multiple SQL injection flaws allowing remote attackers to run arbitrary SQL via the login form username or the EditView–Contacts record parameter. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network access, minimal authenticat...
CVE-2005-3821
CVE-2005-3821 is an XSS vulnerability affecting vTiger CRM 4.2 and earlier. The exposed component is the web application, with arbitrary script/HTML injection possible via multiple vectors, including the account name. Connected sources corroborate multiple VTiger-related advisories and OpenVAS/Ne...
SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM
SEC-CONSULT Security Advisory 20051125-0 ======================================================================= title: Even More Vulnerabilities in VTiger CRM program: vtiger CRM vulnerable version: 4.2 and earlier homepage: http://www.vtiger.com found: 2005-11-06 by: D. Fabian / SEC-CONSULT /...
[Full-disclosure] Advisory 23/2005: vTiger multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in vTiger CRM Release Date: 2005/11/24 Last Modified: 2005/11/24 Author: Christopher Kunz [email protected] Application: vTiger 4.2 an...
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is pro...
vTiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 - SQL Injection source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML...
vTiger CRM 4.2 - SQL Injection
source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting...
vTiger CRM 4.2 Leads Module - record Cross-Site Scripting
vTiger CRM 4.2 Leads Module - record Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to...
[SA17693] vtiger CRM Multiple Vulnerabilities
TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: From remote SOFTWARE...
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting...
vTiger CRM 4.2 Leads Module - 'record' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting...