15 matches found
EUVD-2014-1080
Malware in sbrugna...
EUVD-2014-1081
Malware in sbrugna...
CVE-2014-10009
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status parameter to the...
CVE-2014-10008
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status parameter to the...
CVE-2014-10008
CVE-2014-10008 (Stark CRM v1.0) is documented in connected sources as CSRF vulnerabilities that enable forged requests to admin pages (admin/agent/sub_agent/partner/client) to hijack administrator authentication and perform privileged actions. ZSL-2014-5169 additionally notes stored XSS and sessi...
CVE-2014-10008
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a crafted request to the admin page, (2) an agent via a crafted request to the agent page, (3) a sub-agent via a...
CVE-2014-10009
Stark CRM 1.0 is affected by multiple stored XSS vulnerabilities due to unsanitized input in several POST parameters: first_name, last_name, notes (client page); insu_name, price (add_insurance_cat); and status[] (add_status). The root cause is improper input validation/exploitation of input pars...
CVE-2014-10009
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status parameter to the...
Stark CRM 1.0 - Multiple Vulnerabilities
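No description provided by source. Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects...
Stark CRM Multiple Security Vulnerabilities
Bugtraq ID: 65710 Stark CRM is a PHP customer relationship management system. Stark CRM contains multiple stored cross-site scripting and cross-site request forgery vulnerabilities that allow a remote attacker to construct a malicious URI and lure a user into opening it, which can disclose sensitive information or perform malicious actions in the context of the target user. 0 Stark CRM 1.0 No detailed solution is currently available: http://www.iwcn.ws Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page:...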
Stark CRM 1.0 - Multiple Vulnerabilities
Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the...
Stark CRM 1.0 Script Injection / Session Riding
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects. Desc: Multiple stored XSS and CSRF...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM 1.0 - Multiple Vulnerabilities Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and...