Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vtiger vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2007-3598
index.php in vtiger CRM prior to 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of ...
Vtiger Vtiger Crm
187
VMScore
CVE-2007-3601
vtiger CRM prior to 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
Vtiger Vtiger Crm
490
VMScore
CVE-2007-3602
The SOAP webservice in vtiger CRM prior to 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
Vtiger Vtiger Crm
578
VMScore
CVE-2007-3603
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM prior to 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
Vtiger Vtiger Crm
356
VMScore
CVE-2007-3604
vtiger CRM prior to 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
Vtiger Vtiger Crm
356
VMScore
CVE-2007-3617
The report module in vtiger CRM prior to 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
Vtiger Vtiger Crm
570
VMScore
CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) modul...
Vtiger Vtiger Crm
668
VMScore
CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Vtiger Vtiger Crm
445
VMScore
CVE-2005-3824
The uploads module in vTiger CRM 4.2 and previous versions allows remote malicious users to upload arbitrary files, such as PHP files, via the add2db action.
Vtiger Vtiger Crm
356
VMScore
CVE-2009-3251
include/utils/ListViewUtils.php in vtiger CRM prior to 5.1.0 allows remote authenticated users to bypass intended access restrictions and read the (1) visibility, (2) location, and (3) recurrence fields of a calendar via a custom view.
Vtiger Vtiger Crm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »