cvebase

Saleslogix Corporation Saleslogix vulnerabilities

8 known vulnerabilities affecting saleslogix_corporation/saleslogix.

Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 5

Vulnerabilities

CVE-2004-1612 | P4 | MEDIUM | CVSS 5.0 | PoC | v2000.0 | 2004-10-18
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
nvd
CVE-2004-1605 | P3 | HIGH | CVSS 7.5 | v2000.0 | 2004-10-14
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
nvd
CVE-2004-1610 | P4 | HIGH | CVSS 7.5 | v2000.0 | 2004-10-18
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
nvd
CVE-2004-1608 | P4 | HIGH | CVSS 7.5 | v2000.0 | 2004-10-18
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
nvd
CVE-2004-1611 | P4 | MEDIUM | CVSS 5.1 | v2000.0 | 2004-10-18
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
nvd
CVE-2004-1609 | P4 | MEDIUM | CVSS 5.0 | v2000.0 | 2004-10-18
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
nvd
CVE-2004-1606 | P4 | MEDIUM | CVSS 6.4 | v2000.0 | 2004-10-18
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial of service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
nvd
CVE-2004-1607 | P4 | MEDIUM | CVSS 5.0 | v2000.0 | 2004-10-18
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
nvd