|
257501
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…
|
CWE-352
Origin Validation Error
|
CVE-2013-7223
|
2014-01-4 02:11 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257502
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage time…
|
CWE-89
SQL Injection
|
CVE-2013-7225
|
2014-01-4 02:04 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257503
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
|
CWE-200
Information Exposure
|
CVE-2013-7224
|
2014-01-4 01:58 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257504
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…
|
CWE-200
Information Exposure
|
CVE-2013-7249
|
2014-01-4 01:57 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257505
|
- |
|
cybozu
|
garoon
|
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2013-6002
|
2014-01-4 00:31 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257506
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-6001
|
2014-01-4 00:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257507
|
- |
|
cybozu
|
garoon
|
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect…
|
CWE-20
Improper Input Validation
|
CVE-2013-6003
|
2014-01-4 00:21 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257508
|
- |
|
cybozu
|
garoon
|
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6004
|
2014-01-4 00:20 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257509
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6900
|
2014-01-4 00:20 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257510
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6902
|
2014-01-4 00:19 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
