
CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 3

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. Vtiger CRM versions 6.3 and below suffer from an authenticated remote code execution vulnerability.
References: https://www.exploit-db.com/exploits/38345 ; http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html ; http://www.securityfocus.com//archive/1/536563/100/0/threaded
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.0 | EPSS: 96% | CPEs: 30 | EXPL: 3

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
References: https://www.exploit-db.com/exploits/32794 ; http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html ; http://www.exploit-db.com/exploits/32794 ; http://www.securityfocus.com/bid/66757 ; https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html
Weakness: CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.0 | EPSS: 5% | CPEs: 1 | EXPL: 4

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
References: https://www.exploit-db.com/exploits/36581 ; https://www.exploit-db.com/exploits/27597 ; https://www.exploit-db.com/exploits/32213 ; http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download ; http://www.securityfocus.com/archive/1/531423/100/0/threaded ; https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222
Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php.
References: http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html ; http://osvdb.org/100897 ; http://packetstormsecurity.com/files/124402 ; http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05 ; http://www.securityfocus.com/bid/64236 ; https://exchange.xforce.ibmcloud.com/vulnerabilities/89662
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 95% | CPEs: 2 | EXPL: 3

vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability.
References: https://www.exploit-db.com/exploits/29319 ; http://www.exploit-db.com/exploits/29319 ; http://www.securityfocus.com/bid/63454 ; https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one ; https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats ; https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats
Weakness: CWE-434: Unrestricted Upload of File with Dangerous Type