23 matches found
CVE-2011-1404
Mahara prior to version 1.3.6 is affected by CVE-2011-1404, where JSON responses exposed more information than necessary in AJAX endpoints (blocktype/myfriends/myfriends.json.php, json/usersearch.php, group/membersearchresults.json.php, json/friendsearch.php). The issue is an information disclosu...
CVE-2010-4761
The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...
CVE-2007-3604
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php...