CVE-2006-4617
https://notcve.org/view.php?id=CVE-2006-4617
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. Vulnerabilidad de actualización de archivo no restrictiva en fileupload.html en vtiger CRM 4.2.4, y posiblemente versiones anteriores, permite a un atacante remoto actualizar y ejecutar ficheros de su elección con extensiones ejecutables en la carpeta /cashe/mails. • http://www.osvdb.org/28459 http://www.security-net.biz/adv/D3906a.txt •
CVE-2006-4588
https://notcve.org/view.php?id=CVE-2006-4588
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. vtiger CRM 4.2.4, y posiblemente anteriores, permiten a un atacante remoto evitar la validación y acceder a modulos de administración a través de una pregunta directa a index.php con un parámetro modificado de modulo, como se demostró con el uso del módulo Settings. • http://secunia.com/advisories/21728 http://www.osvdb.org/28462 http://www.security-net.biz/adv/D3906a.txt http://www.securityfocus.com/bid/19829 http://www.vupen.com/english/advisories/2006/3444 •
CVE-2006-4587
https://notcve.org/view.php?id=CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en vtiger CRM 4.2.4, y posiblemente anteriores, permitem a un atacante remoto inyectar secuencias de comandos web o HTML a través del (1) parámetro description en modulos no especificados o el (2) parámetro solution en el modulo HelpDesk. • http://secunia.com/advisories/21728 http://www.osvdb.org/28460 http://www.osvdb.org/28461 http://www.security-net.biz/adv/D3906a.txt http://www.securityfocus.com/bid/19829 http://www.vupen.com/english/advisories/2006/3444 •
CVE-2005-3822
https://notcve.org/view.php?id=CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securityreason.com/securityalert/203 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •
CVE-2005-3824
https://notcve.org/view.php?id=CVE-2005-3824
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •