Small CRM version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
b28b7c8f0127bb7241844c226808ff4819e91f0a3f1cd46bc893d8a250420809
Ubuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked into opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour.
Cody Crews discovered that some JavaScript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install add-ons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.
d5607d8e20cc440391ba757e7d3496cd61fbee9d67917085c9b5c5ebf59e0da4
vtiger CRM versions 5.4.0 and below suffer from an authentication bypass vulnerability in the validateSession() function of multiple SOAP services.
4c13f831557ef27b5842aff9fd698a9ebf4ce0876e6b9976884ca5c5550883da
vtiger CRM versions 5.4.0 and below suffer from multiple remote SQL injection vulnerabilities in customerportal.php.
0bdbe4caa49a6accff478f7e437e0fb94a9d85c37596d337ecd9e9829b7ce9ee
vtiger CRM versions 5.4.0 and below suffer from multiple local file inclusion vulnerabilities in customerportal.php.
29e3aad2d7ca794886041f23e78628f30acc7129c030d2bf78107c3a25fe0a1f
vtiger CRM versions 5.4.0 and below suffer from a remote PHP code injection vulnerability in vtigerolservice.php.
815a18f425acb88ab1539eda82729d41812748d11048ac8fb98c75353fce269b
Janissaries Joomla Civicrm component exploitation tool that uploads a shell.
a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and cause a DoS (Denial of Service) and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
e6ce648f43d8f065aafc7e50c045089d592c26bcfd2fc4af9fabdf0db3b4ae87
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the vTiger CRM Lead Capture plugin for WordPress.
af6100980a657ab2be4242a638cc1762fcac2ba01f0da77b382f770a51e40fdb
Secunia Security Advisory - A security issue has been reported in the CiviCRM module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
d4ae4124a4cdc1cab017118ad5c53fdb91d9af3debd714751afe1903d7b7c8f3
Drupal Webform CiviCRM Integration third party module version 7.x suffers from an access bypass vulnerability.
b76b03e4b8ce8562a35fd0ad76b0df92b97e07f3fb7533e3042532c7b5bb2f1a
Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Dolibarr ERP/CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.
0e8002d56d3f0652391c5b00efd5db29110678b5fa276fc5381642b840c67d6a
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users and malicious people to disclose certain sensitive information.
ea805e89d6ceff73c563a3185a75e710e47041c4e6f05c04f1021de36eeac293
Secunia Security Advisory - Brendan Coles has discovered a weakness and some vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and conduct SQL injection attacks and by malicious people to disclose certain system information.
a946df528af1f95f6c5b99df6b75b0ee1890dd4a3fbc2e5a912e605c4e71e8ce
Joomla versions 1.7 and 2.5 suffer from an arbitrary file upload vulnerability in the CiviCRM component.
5409c8f69be1b43458970487fee32a18637708e439cd0869b6a54d62c9b6bb0e
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Siebel CRM, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to disclose certain sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
e05d58092d12b1288b4ef3057ee5b9da421bbe48e5f3e35984b9e947e929d797
Secunia Security Advisory - Egidio Romano has reported a vulnerability in SugarCRM, which can be exploited by malicious users to compromise a vulnerable system.
0b5b1482b378643f2bf6632ee0323f03da626add0f05cfbc0c91c32a42618324
This Metasploit module exploits a PHP unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() call exists in the 'include/MVC/View/views/view.list.php' script, which is called with user-controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.
1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
SugarCRM CE versions 6.3.1 and below suffer from an unserialize() PHP code execution vulnerability.
aab5a6efe1a4cde61efe9db861472c86ce178987dbf7a7fa592b500fdf1a7a17
Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious people to manipulate certain data.
f9baa24af1906b6b48ad20e20b4060dcafdb991ba82ee5fca09cdde271130e3f
GroupWare epesiBIM CRM version 1.2.1 suffers from a cross-site scripting vulnerability.
c8547aac5f5cba34e71dc25c9a17b80bad80d40910df5ab397eefbfb9b3d332a
This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.
f473f9176eddcff3e9c592e1ef0bfc7d0a0e762392a39abfb965fb4ca8ee9b22
Dolibarr ERP and CRM suffers from an operating system command injection vulnerability. Versions 3.1.1 and below and 3.2.0 and below are affected.
12cbccf9e032e58bbcfb558ce094025f740cd5c49cca609440f370009e6de991
Vtiger CRM version 5.1.0 suffers from a local file inclusion vulnerability.
8e83c51a72f991a07299b08bbdf81235ef5012669b9869013fa6ec78756b144d
Secunia Security Advisory - Vulnerability-Lab has discovered a vulnerability in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks.
140e2461dfc9fe15e375b5a5ffca2b63969d8c558447c5d1db00c9c0252effed
Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise CRM, which can be exploited by malicious users to manipulate certain data.
3ff3aace7089dcd1ac5051e9ff23333226fd8168c4ce507260d3c0eff95e0670