Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crm vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-7224
Fat Free CRM prior to 0.12.1 does not restrict JSON serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
5
CVSSv2
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM prior to 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote malicious users to spoof signed cookies by referring to the key in the source code.
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.6
6.5
CVSSv2
CVE-2013-7225
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM prior to 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.9
6.8
CVSSv2
CVE-2013-7223
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM prior to 0.12.1 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors, related to the lack of a protect_from_forgery line in app/controllers/application_contr...
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.6
5
CVSSv2
CVE-2013-7249
Fat Free CRM prior to 0.12.1 does not restrict XML serialization, which allows remote malicious users to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224.
Fatfreecrm Fat Free Crm 0.10.1
Fatfreecrm Fat Free Crm 0.9.10
Fatfreecrm Fat Free Crm 0.9.9
Fatfreecrm Fat Free Crm 0.9.8
Fatfreecrm Fat Free Crm
Fatfreecrm Fat Free Crm 0.11.1
Fatfreecrm Fat Free Crm 0.9.6
Fatfreecrm Fat Free Crm 0.9.7
Fatfreecrm Fat Free Crm 0.11.2
Fatfreecrm Fat Free Crm 0.11.0
6.5
CVSSv2
CVE-2011-4802
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4...
Dolibarr Dolibarr Erp\\/crm 2.9.0
Dolibarr Dolibarr Erp\\/crm 2.8.1
Dolibarr Dolibarr Erp\\/crm
Dolibarr Dolibarr Erp\\/crm 2.6.0
Dolibarr Dolibarr Erp\\/crm 3.0.0
Dolibarr Dolibarr Erp\\/crm 2.7.1
Dolibarr Dolibarr Erp\\/crm 2.6.1
Dolibarr Dolibarr Erp\\/crm 2.5.0
Dolibarr Dolibarr Erp\\/crm 2.7.0
Dolibarr Dolibarr Erp\\/crm 2.8.0
Dolibarr Dolibarr Erp\\/crm 3.0.1
3 EDB exploits
4.3
CVSSv2
CVE-2011-4814
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optionc...
Dolibarr Dolibarr Erp\\/crm 2.9.0
Dolibarr Dolibarr Erp\\/crm 2.8.1
Dolibarr Dolibarr Erp\\/crm
Dolibarr Dolibarr Erp\\/crm 2.6.0
Dolibarr Dolibarr Erp\\/crm 3.0.0
Dolibarr Dolibarr Erp\\/crm 2.7.1
Dolibarr Dolibarr Erp\\/crm 2.6.1
Dolibarr Dolibarr Erp\\/crm 2.5.0
Dolibarr Dolibarr Erp\\/crm 2.7.0
Dolibarr Dolibarr Erp\\/crm 2.8.0
Dolibarr Dolibarr Erp\\/crm 3.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2019-2669
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attac...
Oracle Crm Technical Foundation 12.2.8
Oracle Crm Technical Foundation 12.2.4
Oracle Crm Technical Foundation 12.2.6
Oracle Crm Technical Foundation 12.1.3
Oracle Crm Technical Foundation 12.2.3
Oracle Crm Technical Foundation 12.2.5
Oracle Crm Technical Foundation 12.2.7
5.8
CVSSv2
CVE-2019-2671
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attac...
Oracle Crm Technical Foundation 12.2.3
Oracle Crm Technical Foundation 12.2.8
Oracle Crm Technical Foundation 12.2.4
Oracle Crm Technical Foundation 12.2.5
Oracle Crm Technical Foundation 12.2.6
Oracle Crm Technical Foundation 12.2.7
Oracle Crm Technical Foundation 12.1.3
5.8
CVSSv2
CVE-2019-2639
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attac...
Oracle Crm Technical Foundation 12.2.3
Oracle Crm Technical Foundation 12.2.5
Oracle Crm Technical Foundation 12.2.6
Oracle Crm Technical Foundation 12.2.7
Oracle Crm Technical Foundation 12.2.8
Oracle Crm Technical Foundation 12.1.3
Oracle Crm Technical Foundation 12.2.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »