
CVSS: 6.8, EPSS: 3%, CPEs: 2, EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.

• http://secunia.com/advisories/21728
• http://www.osvdb.org/28460
• http://www.osvdb.org/28461
• http://www.security-net.biz/adv/D3906a.txt
• http://www.securityfocus.com/bid/19829
• http://www.vupen.com/english/advisories/2006/3444

CVSS: 7.5, EPSS: 0%, CPEs: 1, EXPL: 0

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.

• http://marc.info/?l=full-disclosure&m=113290708121951&w=2
• http://secunia.com/advisories/17693
• http://securityreason.com/securityalert/203
• http://securitytracker.com/id?1015274
• http://www.securityfocus.com/archive/1/417711/30/0/threaded
• http://www.securityfocus.com/bid/15569
• http://www.vupen.com/english/advisories/2005/2569

CVSS: 5.0, EPSS: 3%, CPEs: 1, EXPL: 0

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

• http://marc.info/?l=full-disclosure&m=113290708121951&w=2
• http://secunia.com/advisories/17693
• http://securitytracker.com/id?1015274
• http://www.securityfocus.com/archive/1/417711/30/0/threaded
• http://www.securityfocus.com/bid/15569
• http://www.vupen.com/english/advisories/2005/2569

CVSS: 7.5, EPSS: 1%, CPEs: 1, EXPL: 0

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

• http://marc.info/?l=full-disclosure&m=113290708121951&w=2
• http://secunia.com/advisories/17693
• http://securitytracker.com/id?1015274
• http://www.securityfocus.com/archive/1/417711/30/0/threaded
• http://www.securityfocus.com/bid/15569
• http://www.vupen.com/english/advisories/2005/2569

CVSS: 7.5, EPSS: 1%, CPEs: 1, EXPL: 3

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.

• https://www.exploit-db.com/exploits/26586
• http://secunia.com/advisories/17693
• http://securitytracker.com/id?1015271
• http://www.hardened-php.net/advisory_232005.105.html
• http://www.osvdb.org/21225
• http://www.securityfocus.com/archive/1/417730/30/0/threaded
• http://www.securityfocus.com/bid/15562
• http://www.vupen.com/english/advisories/2005/2569