12 matches found
EUVD-2009-3240
Malware in sbrugna...
CVE-2009-3257
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description An attacker is able to delete any Sales Order with a CSRF attack because there isn't any CSRF protection for the related endpoint. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low privilege user or attackers know...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to remove third-party from sales-order 🕵️‍♂️ Proof of Concept Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to a CSRF attack when removing third-party from sales-order ....
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to classify bill of sales-order 🕵️‍♂️ Proof of Concept Here it does not check the token parameter for CSRF. You can remove the token parameter from the URL. The request below is vulnerable to a CSRF attack when classifying bill of sales-order ....
Threat Outbreak Alert RuleID25719: Email Messages Distributing Malicious Software on October 19, 2016
Medium Alert ID: 49356 First Published: 2016 October 19 19:45 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID25719 may contain the following files: Name |...
Magento < 1.9 XSS vulnerability fix description - Vulnerability warning - the black bar safety net
Magento XSS: the vulnerability description is not repeated here, since a Baidu search turns it up everywhere. This is a simple record of the handling process; it is fairly rough, and whether it is effective has not yet been verified. Edit the file app/design/adminhtml/default/default/template/sales/order/view/info.phtml and search for getCustomerEmail. There are t...
Threat Outbreak Alert RuleID18929: Email Messages Distributing Malicious Software on March 12, 2016
Medium Alert ID: 41699 First Published: 2015 October 26 13:44 GMT Last Updated: 2016 March 14 12:26 GMT Version: 10 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18929 a...
Design/Logic Flaw
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile...
CVE-2009-3257
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile...
CVE-2009-3257
CVE-2009-3257 in vtiger CRM affects vtiger CRM before 5.1.0. The vulnerability arises when remote authenticated users can bypass permissions on profile fields (Account Billing Address and Shipping Address) by creating a Sales Order associated with that profile. The description implies a permissio...
CVE-2009-3257
vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile...