|
From: | Brendan Coles |
Subject: | [Dolibarr-bugtrack] [bug #31617] Dolibarr ERP CRM 3.0.0-alpha multiple security vulnerabilities |
Date: | Wed, 10 Nov 2010 18:24:57 +0000 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0C) |
URL: <http://savannah.nongnu.org/bugs/?31617> Summary: Dolibarr ERP CRM 3.0.0-alpha multiple security vulnerabilities Project: Dolibarr Submitted by: bcoles Submitted on: Wed 10 Nov 2010 06:24:57 PM GMT Severity: 3 - Normal Status: None Privacy: Private Assigned to: None Open/Closed: Open Discussion Lock: Any Release: CVS-DEV Operating System: None _______________________________________________________ Details: Advisory attached. # Summary : There are multiple security vulnerabilities in Dolibarr ERP CRM 3.0.0-alpha which may allow an attacker to take control of the software. # Software : # Software Link: Dolibarr ERP CRM 3.0.0-alpha # Vulnerable Version: <= 3.0.0-alpha # Vulnerability Reference : # Cross-Site Scripting : http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) # Full Path Disclosure : http://www.owasp.org/index.php/Full_Path_Disclosure # Information Leakage : http://www.owasp.org/index.php/Information_Leakage # SQL Injection : http://www.owasp.org/index.php/SQL_Injection Regards, Brendan Coles ~ http://itsecuritysolutions.org/ _______________________________________________________ File Attachments: ------------------------------------------------------- Date: Wed 10 Nov 2010 06:24:57 PM GMT Name: Dolibarr ERP CRM 3.0.0-alpha multiple security vulnerabilities.txt Size: 13kB By: bcoles <http://savannah.nongnu.org/bugs/download.php?file_id=21977> _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?31617> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |