
CVE-2014-3992 – Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-3992
08 Jul 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. • https://packetstorm.news/files/id/127389 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-1225 – Dolibarr ERP/CRM 3.x - '/adherents/fiche.php' SQL Injection
https://notcve.org/view.php?id=CVE-2012-1225
21 Feb 2012 — Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. • https://www.exploit-db.com/exploits/36683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2012-1226 – Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-1226
21 Feb 2012 — Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. • https://www.exploit-db.com/exploits/36873 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2011-4802 – Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection
https://notcve.org/view.php?id=CVE-2011-4802
14 Dec 2011 — Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to (a) user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. • https://www.exploit-db.com/exploits/36333 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4814 – Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4814
14 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php. • https://www.exploit-db.com/exploits/36330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-4329
https://notcve.org/view.php?id=CVE-2011-4329
28 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php. • http://archives.neohapsis.com/archives/bugtraq/2011-11/0052.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')