Web application abuses : vTiger < 4.5 Alpha 2 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.20317

Categoría: Web application abuses

Título: vTiger < 4.5 Alpha 2 Multiple Vulnerabilities

Resumen: vTiger is prone to arbitrary code execution, directory; traversal, SQL injection (allowing authentication bypass) and cross-site scripting (XSS); vulnerabilities.

Descripción: Summary:
vTiger is prone to arbitrary code execution, directory
traversal, SQL injection (allowing authentication bypass) and cross-site scripting (XSS)
vulnerabilities.

Solution:
Update to vTiger version 4.5 alpha 2 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-3818
BugTraq ID: 15562
http://www.securityfocus.com/bid/15562
Bugtraq: 20051124 Advisory 23/2005: vTiger multiple vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/417730/30/0/threaded
http://www.hardened-php.net/advisory_232005.105.html
http://www.osvdb.org/21227
http://www.osvdb.org/21228
http://www.osvdb.org/21229
http://www.osvdb.org/21230
http://securitytracker.com/id?1015271
http://secunia.com/advisories/17693
http://www.vupen.com/english/advisories/2005/2569
XForce ISS Database: vtiger-multiple-fields-xss(23362)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23362
XForce ISS Database: vtiger-rss-xss(23363)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23363
Common Vulnerability Exposure (CVE) ID: CVE-2005-3819
http://www.osvdb.org/21225
Common Vulnerability Exposure (CVE) ID: CVE-2005-3820
BugTraq ID: 15569
http://www.securityfocus.com/bid/15569
Bugtraq: 20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM (Google Search)
http://www.securityfocus.com/archive/1/417711/30/0/threaded
http://marc.info/?l=full-disclosure&m=113290708121951&w=2
http://securitytracker.com/id?1015274
Common Vulnerability Exposure (CVE) ID: CVE-2005-3821
http://www.osvdb.org/21232
Common Vulnerability Exposure (CVE) ID: CVE-2005-3822
http://securityreason.com/securityalert/203
Common Vulnerability Exposure (CVE) ID: CVE-2005-3823
Common Vulnerability Exposure (CVE) ID: CVE-2005-3824

Copyright Copyright (C) 2005 David Maciejak

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.20317
Categoría:	Web application abuses
Título:	vTiger < 4.5 Alpha 2 Multiple Vulnerabilities
Resumen:	vTiger is prone to arbitrary code execution, directory; traversal, SQL injection (allowing authentication bypass) and cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: vTiger is prone to arbitrary code execution, directory traversal, SQL injection (allowing authentication bypass) and cross-site scripting (XSS) vulnerabilities. Solution: Update to vTiger version 4.5 alpha 2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3818 BugTraq ID: 15562 http://www.securityfocus.com/bid/15562 Bugtraq: 20051124 Advisory 23/2005: vTiger multiple vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/417730/30/0/threaded http://www.hardened-php.net/advisory_232005.105.html http://www.osvdb.org/21227 http://www.osvdb.org/21228 http://www.osvdb.org/21229 http://www.osvdb.org/21230 http://securitytracker.com/id?1015271 http://secunia.com/advisories/17693 http://www.vupen.com/english/advisories/2005/2569 XForce ISS Database: vtiger-multiple-fields-xss(23362) https://exchange.xforce.ibmcloud.com/vulnerabilities/23362 XForce ISS Database: vtiger-rss-xss(23363) https://exchange.xforce.ibmcloud.com/vulnerabilities/23363 Common Vulnerability Exposure (CVE) ID: CVE-2005-3819 http://www.osvdb.org/21225 Common Vulnerability Exposure (CVE) ID: CVE-2005-3820 BugTraq ID: 15569 http://www.securityfocus.com/bid/15569 Bugtraq: 20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM (Google Search) http://www.securityfocus.com/archive/1/417711/30/0/threaded http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://securitytracker.com/id?1015274 Common Vulnerability Exposure (CVE) ID: CVE-2005-3821 http://www.osvdb.org/21232 Common Vulnerability Exposure (CVE) ID: CVE-2005-3822 http://securityreason.com/securityalert/203 Common Vulnerability Exposure (CVE) ID: CVE-2005-3823 Common Vulnerability Exposure (CVE) ID: CVE-2005-3824
Copyright	Copyright (C) 2005 David Maciejak