Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. Date published : 2007-07-06 http://www.securityfocus.com/bid/24776 http://www.securityfocus.com/archive/1/472887/100/0/threaded
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. Date published : 2007-07-06 http://www.securityfocus.com/bid/24776 http://www.securityfocus.com/archive/1/472887/100/0/threaded
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function....
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEndSapGuikwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. Date published : 2007-07-06...
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. Date published : 2007-07-06...
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. Date published...
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird...
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users’ calendar activities via a (1) home page or (2) event list view. Date published :...
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in...
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. Date published : 2007-07-06 http://trac.vtiger.com/cgi-bin/trac.cgi/report/9 http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2968
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users’ names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the...
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. Date published : 2007-07-06 http://www.securityfocus.com/archive/1/472875/100/0/threaded http://sourceforge.net/project/shownotes.php?release_id=474574&group_id=83781
inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). Date published : 2007-07-06 http://www.securityfocus.com/bid/24644 http://phpvideopro.cvs.sourceforge.net/phpvideopro/phpvideopro/inc/vul_check.inc?r1=1.10&r2=1.11
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in...