CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3822
https://notcve.org/view.php?id=CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securityreason.com/securityalert/203 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 0CVE-2005-3824
https://notcve.org/view.php?id=CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-3823
https://notcve.org/view.php?id=CVE-2005-3823
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2005-3819 – vTiger CRM 4.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. • https://www.exploit-db.com/exploits/26586 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015271 http://www.hardened-php.net/advisory_232005.105.html http://www.osvdb.org/21225 http://www.securityfocus.com/archive/1/417730/30/0/threaded http://www.securityfocus.com/bid/15562 http://www.vupen.com/english/advisories/2005/2569 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3821
https://notcve.org/view.php?id=CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.osvdb.org/21232 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •