Vendor Dictionary: vtiger.com

vtiger.com

Short Name:	[None Entered]
Previous Names:	[None Entered]
URL:	[None Entered]
Email:	[None Entered]
Security URL:	[None Entered]
Security Email:	[None Entered]
Knowledge Base:	[None Entered]
Notes:	[No Notes]
Full Details...

Vulnerabilities by Vendor Product

vtiger.com

vtiger.com

vTiger CRM: 4.2.4; OSVDB ID: 28461 vtiger CRM HelpDesk Module solution Parameter XSS; OSVDB ID: 28460 vtiger CRM Multiple Module description Parameter XSS; OSVDB ID: 28462 vtiger CRM Admin Modules Direct Request Authentication Bypass; OSVDB ID: 28459 vtiger CRM fileupload.html Arbitrary PHP Code Execution

vTiger: 4.2; OSVDB ID: 12120 SugarCRM Multiple Module XSS; OSVDB ID: 12228 SugarCRM Direct Script Call XSS; OSVDB ID: 12229 SugarCRM Multiple Module record Parameter SQL Injection; OSVDB ID: 12230 SugarCRM Multiple Module Traversal Arbitrary File Access; OSVDB ID: 13269 SugarCRM Module Path Disclosure; OSVDB ID: 21230 vtiger CRM Multiple Data Set Field Local XSS; OSVDB ID: 21227 vtiger CRM RSS Aggregation Module Feed XSS; OSVDB ID: 21226 vtiger CRM Login username Field SQL Injection; OSVDB ID: 21225 vtiger CRM HelpDesk Module index.php Multiple Parameter SQL Injection; OSVDB ID: 21224 vtiger CRM Multiple Parameter Traversal Local File Inclusion; OSVDB ID: 21223 vtiger CRM Logging Function Arbitrary PHP Code Injection; OSVDB ID: 21228 vtiger CRM Multiple Script $_SERVER['PHP_SELF'] Parameter XSS; OSVDB ID: 21229 vtiger CRM Leads Module record Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.