646 matches found
CVE-2005-3823
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action...
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. dot dot and null byte "%00" sequences in the 1 module parameter and 2 action parameter in the Leads...
CVE-2005-3818
The CVE-2005-3818 entry concerns vTiger CRM, affected in versions up to 4.2 and earlier, with multiple XSS flaws that allow attacker-supplied HTML/JS via various input fields (including contact, lead, first/last name), the Leads module DetailView record parameter, $_SERVER['PHP_SELF'], and RSS fe...
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 username in the login form or 2 record parameter, as demonstrated in the EditView action for the Contacts module...
CVE-2005-3823
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...
CVE-2005-3821
Cross-site scripting XSS vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name...
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the 1 username and 2 date parameter in the HelpDesk module...
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action...
CVE-2005-3823
CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...
CVE-2005-3822
CVE-2005-3822 affects vTiger CRM 4.2 and earlier, with multiple SQL injection flaws allowing remote attackers to run arbitrary SQL via the login form username or the EditView–Contacts record parameter. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network access, minimal authenticat...
CVE-2005-3821
CVE-2005-3821 is an XSS vulnerability affecting vTiger CRM 4.2 and earlier. The exposed component is the web application, with arbitrary script/HTML injection possible via multiple vectors, including the account name. Connected sources corroborate multiple VTiger-related advisories and OpenVAS/Ne...
CVE-2005-3819
Summary: CVE-2005-3819 affects vtiger CRM up to version 4.2, with SQL injection vulnerabilities in the HelpDesk module that enable remote attackers to inject arbitrary SQL and bypass authentication via the (1) user_name and (2) date parameters. This is corroborated by multiple vulnerability feeds...
CVE-2005-3824
The CVE-2005-3824 entry concerns vTiger CRM 4.2 and earlier, where the uploads module (via add2db action) allows remote attackers to upload arbitrary files, including PHP scripts. This is an arbitrary file upload vulnerability in the uploads module, enabling potential remote execution or hosting ...
CVE-2005-3818
Multiple cross-site scripting XSS vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 various input fields, including the contact, lead, and first or last name fields, 2 the record parameter in a DetailView action in the Leads module f...
CVE-2005-3820
vTiger CRM <= 4.2 is affected by multiple directory traversal vulnerabilities in index.php (Leads module) where, due to improper handling of .. and null byte sequences in the module and action parameters, an attacker can read or include arbitrary files and potentially execute PHP code. The iss...
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. dot dot and null byte "%00" sequences in the 1 module parameter and 2 action parameter in the Leads...
SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM
SEC-CONSULT Security Advisory 20051125-0 ======================================================================= title: Even More Vulnerabilities in VTiger CRM program: vtiger CRM vulnerable version: 4.2 and earlier homepage: http://www.vtiger.com found: 2005-11-06 by: D. Fabian / SEC-CONSULT /...
[Full-disclosure] Advisory 23/2005: vTiger multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in vTiger CRM Release Date: 2005/11/24 Last Modified: 2005/11/24 Author: Christopher Kunz [email protected] Application: vTiger 4.2 an...
vTiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 - SQL Injection source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is prone to multiple SQL injection, HTML...