sales software vulnerabilities
vulnerabilities.aspcode.net
Searching sales software vulnerabilities
SQL injection vulnerability in SugarCRM Sugar S
vulnerability
|
functionality
|
privileges
|
DetailView
|
parameters
|
attackers
|
arbitrary
|
parameter
|
injection
|
commands
|
SugarCRM
|
indexphp
|
execute
|
action
|
record
|
allows
|
before
|
remote
|
other
|
Sales
|
Sugar
|
201a
|
gain
|
SQL
|
via
|
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
SugarCRM Sugar Sales 2.0.1c and earlier allows
demonstrated
|
information
|
phprintphp
|
sensitive
|
attackers
|
parameter
|
SugarCRM
|
requests
|
scripts
|
reveals
|
message
|
contain
|
invalid
|
earlier
|
certain
|
allows
|
remote
|
module
|
error
|
using
|
Sales
|
input
|
Sugar
|
empty
|
which
|
gain
|
path
|
201c
|
via
|
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Directory traversal vulnerability in SugarCRM S
vulnerability
|
arbitrary
|
attackers
|
traversal
|
Directory
|
possibly
|
SugarCRM
|
earlier
|
execute
|
remote
|
allows
|
Sales
|
Sugar
|
files
|
code
|
read
|
201c
|
via
|
PHP
|
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
The install scripts in SugarCRM Sugar Sales 2.0
administrative
|
installation
|
attackers
|
cleartext
|
changing
|
password
|
SugarCRM
|
database
|
settings
|
default
|
scripts
|
install
|
removed
|
earlier
|
service
|
allows
|
denial
|
obtain
|
cause
|
Sugar
|
after
|
Sales
|
MySQL
|
which
|
201c
|
form
|
not
|
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
Unspecified vulnerability in Enterprise CRM Sal
vulnerability
|
Unspecified
|
Enterprise
|
Oracle
|
Sales
|
CRM
|
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
Unspecified vulnerability in the Sales Online c
vulnerability
|
Unspecified
|
E-Business
|
component
|
Oracle
|
Online
|
Suite
|
Sales
|
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
Unspecified vulnerability in the G/PGP (GPG) Pl
vulnerability
|
Unspecified
|
G/PGP
|
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
SQL injection vulnerability in MKPortal 1.1.1 a
vulnerability
|
injection
|
MKPortal
|
SQL
|
SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Buffer overflow in Yahoo! Messenger 8.1 allows
user-assisted
|
authenticated
|
unspecified
|
ZD-00000005
|
arbitrary
|
Messenger
|
overflow
|
address
|
execute
|
vectors
|
allows
|
remote
|
listed
|
Buffer
|
Yahoo
|
users
|
book
|
code
|
via
|
aka
|
Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Unspecified vulnerability in Pidgin (formerly G
vulnerability
|
Unspecified
|
Pidgin
|
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Buffer overflow in Mike Dubman Windows RSH daem
overflow
|
Windows
|
daemon
|
Dubman
|
Buffer
|
Mike
|
RSH
|
Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Unspecified vulnerability in NetWin SurgeMail 3
vulnerability
|
Unspecified
|
SurgeMail
|
Windows
|
Server
|
NetWin
|
38k
|
Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Unspecified vulnerability in IAC Search & Media
vulnerability
|
Unspecified
|
toolbar
|
unknown
|
vectors
|
impact
|
remote
|
attack
|
Search
|
askcom
|
Media
|
IAC
|
has
|
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
Unspecified vulnerability in the client in Syma
vulnerability
|
Unspecified
|
Symantec
|
Servers
|
Windows
|
vectors
|
unknown
|
Veritas
|
remote
|
impact
|
attack
|
Backup
|
client
|
Exec
|
11d
|
has
|
Unspecified vulnerability in the client in Symantec Veritas Backup Exec for Windows Servers 11d has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
** DISPUTED ** Multiple PHP remote file inclus
FrontAccounting
|
vulnerabilities
|
inclusion
|
DISPUTED
|
Multiple
|
remote
|
file
|
PHP
|
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure.
Software vulnerabilities results 1 to 16 of 16
Page:
1