Published: 18/10/2004 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in SalesLogix 6.1 allows remote malicious users to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
saleslogix corporation saleslogix 2000.0

#!/usr/bin/perl # # Proof of concept exploit: Arbitrary file creation for SLX server 61 # # Written by Carl Livitt, Agenda Security Services, June 2004 # # This exploit abuses the ProcessQueueFile command on SLX 61 (others?) servers # to create arbitrary files on the filesystem of the SLX server By using # directory traversal, it is possible to ...

source: wwwsecurityfocuscom/bid/11450/info Best Software SalesLogix is affected by multiple vulnerabilities These issues are due to design errors that reveal sensitive information, access control validation issues that allow unauthorized access and input validation issues facilitating SQL injection attacks An attacker may leverage thes ...

NVD-CWE-Other http://www.securityfocus.com/bid/11450 http://secunia.com/advisories/12883 http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html http://www.osvdb.org/10949 http://securitytracker.com/id?1011769 http://marc.info/?l=bugtraq&m=109811852218478&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17765 https://nvd.nist.gov https://www.exploit-db.com/exploits/583/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1612

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect