|
| From: | Brendan Coles |
| Subject: | [Dolibarr-bugtrack] [bug #31617] Dolibarr ERP CRM 3.0.0-alpha multiple security vulnerabilities |
| Date: | Wed, 10 Nov 2010 18:24:57 +0000 |
| User-agent: | Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0C) |
URL:
<http://savannah.nongnu.org/bugs/?31617>
Summary: Dolibarr ERP CRM 3.0.0-alpha multiple security
vulnerabilities
Project: Dolibarr
Submitted by: bcoles
Submitted on: Wed 10 Nov 2010 06:24:57 PM GMT
Severity: 3 - Normal
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: CVS-DEV
Operating System: None
_______________________________________________________
Details:
Advisory attached.
# Summary :
There are multiple security vulnerabilities in Dolibarr ERP CRM
3.0.0-alpha
which may allow an attacker to take control of the software.
# Software :
# Software Link: Dolibarr ERP CRM 3.0.0-alpha
# Vulnerable Version: <= 3.0.0-alpha
# Vulnerability Reference :
# Cross-Site Scripting :
http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
# Full Path Disclosure :
http://www.owasp.org/index.php/Full_Path_Disclosure
# Information Leakage :
http://www.owasp.org/index.php/Information_Leakage
# SQL Injection : http://www.owasp.org/index.php/SQL_Injection
Regards,
Brendan Coles
~ http://itsecuritysolutions.org/
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 10 Nov 2010 06:24:57 PM GMT Name: Dolibarr ERP CRM 3.0.0-alpha
multiple security vulnerabilities.txt Size: 13kB By: bcoles
<http://savannah.nongnu.org/bugs/download.php?file_id=21977>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?31617>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |