CVE-2006-4587
Published 2006-09-06
Priority P4 · 20 · medium · CVSS 2.0 base score 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.41% (69.3rd percentile)
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vtiger | vtiger_crm | — | — |
| vtiger | vtiger_crm | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-4600 openldap improper selfwrite access
bugzilla · 2007-04-13 · CVSS 2.3 · [LOW]
+++ This bug was initially created as a clone of Bug #205826 +++
openldap improper selfwrite access
The way openldap handles selfwrite access is broken. Users with selfwrite access should only be able to add/remove their own DN to the target, but via this bug any DN may be modified.
This was fixed upstream in version 2.3.25
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4587
http://secunia.com/advisories/21721/
A reproducer can be found here:
http://www.openldap.org/devel/cvsweb.cgi/tests/scripts/test006-acls?hideattic=1&sortbydate=0
Discussion:
This flaw has been rated as having a low severity by the Red Hat Security Response Team. More information about this rating can be found here: http://www.redhat.com/security/updates/
Bugzilla
CVE-2006-4600 openldap improper selfwrite access
bugzilla · 2006-09-08 · CVSS 2.3 · [LOW]
(Bug description identical to the first Bugzilla entry above.)
Discussion:
openldap-2.3.30-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Bugzilla
CVE-2006-4600 openldap improper selfwrite access
bugzilla · 2006-09-08 · CVSS 2.3 · [LOW]
(Bug description identical to the first Bugzilla entry above.)
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this reques
References
http://secunia.com/advisories/21728
http://www.osvdb.org/28460
http://www.osvdb.org/28461
http://www.security-net.biz/adv/D3906a.txt
http://www.securityfocus.com/bid/19829
http://www.vupen.com/english/advisories/2006/3444