11 matches found
EUVD-2011-4732
Malware in sbrugna...
EUVD-2011-4720
Malware in sbrugna...
Dolibarr 3.1.0 admin/company.php username Parameter XSS
The version of Dolibarr on the remote host fails to properly sanitize parameters in 'admin/company.php' before using them to generate dynamic HTML. By tricking someone into clicking on a specially crafted link, an attacker may be able exploit this issue to inject arbitrary HTML and script code in...
Sql injection
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 sortfield, 2 sortorder, and 3 sall parameters to user/index.php and b user/group/index.php; the id parameter to 4 info.php, 5 perms.php, 6...
PT-2011-5108 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.1.0 RC and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via several parameters in different PHP files, including sortfield, sortorder, and sall...
CVE-2011-4802
Dolibarr
CVE-2011-4814
Dolibarr
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter in a setup action to admin/company.php, or the PATHINFO to 2 admin/securityother.php, 3 admin/events.php, or 4 admin/user.php...
CVE-2011-4329
Multiple cross-site scripting XSS vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter in a setup action to admin/company.php, or the PATHINFO to 2 admin/securityother.php, 3 admin/events.php, or 4 admin/user.php...
PT-2011-4932 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 3.1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter in a setup action to "admin/company.php", or the PATH INFO to "admin/security...
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory ID: INFOSERVE-ADV2011-03 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected Vendor URL: http://www.dolibarr.org/ Vendo...