
CVSS: 9.0 | EPSS: 0% | CPEs: 23 | EXPL: 0

vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.

References:
  http://forums.vtiger.com/viewtopic.php?t=15094
  http://forums.vtiger.com/viewtopic.php?t=16756
  http://secunia.com/advisories/36309
  http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5249

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.0 | EPSS: 5% | CPEs: 1 | EXPL: 5

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.

References:
  https://www.exploit-db.com/exploits/9450
  http://marc.info/?l=bugtraq&m=125060676515670&w=2
  http://secunia.com/advisories/36309
  http://www.exploit-db.com/exploits/9450
  http://www.osvdb.org/57237
  http://www.securityfocus.com/bid/36062
  http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities
  http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
  http://www.vupen.com/english/advisories/2009/2319

CWE-20: Improper Input Validation

CVSS: 6.8 | EPSS: 3% | CPEs: 1 | EXPL: 7

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

References:
  https://www.exploit-db.com/exploits/9450
  http://marc.info/?l=bugtraq&m=125060676515670&w=2
  http://secunia.com/advisories/36309
  http://www.exploit-db.com/exploits/9450
  http://www.osvdb.org/57238
  http://www.securityfocus.com/bid/36062
  http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities
  http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
  http://www.vupen.com/english/advisories/2009/2319

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.

References:
  http://secunia.com/advisories/36309
  http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/12407
  http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4208
  http://www.osvdb.org/57241

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 6

Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote attackers to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.

References:
  https://www.exploit-db.com/exploits/9450
  http://secunia.com/advisories/36309
  http://www.exploit-db.com/exploits/9450
  http://www.osvdb.org/57240
  http://www.securityfocus.com/bid/36062
  http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities
  http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
  http://www.vupen.com/english/advisories/2009/2319

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')