Search CVE reports
111 – 120 of 121 results
CVE-2017-7888
Low priority
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2017-7887
Medium priority
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2017-7886
Medium priority
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2016-1912
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2015-8685
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2015-3935
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2)...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2014-7137
Medium priority
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2014-3992
Medium priority
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2014-3991
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4)...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
CVE-2014-2054
Medium priority
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or...
3 affected packages
dolibarr, moodle, owncloud
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | — | — | — | Not in release | Not affected |
moodle | — | — | — | Not affected | Not affected |
owncloud | — | — | — | Not in release | Not in release |