Saleslogix Corporation
Products
2- 9 CVEs
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1612 | 0.03 | — | 0.03 | Oct 18, 2004 | Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | |||
| CVE-2000-0278 | 0.03 | — | 0.05 | Aug 3, 2000 | The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. | |||
| CVE-2004-1606 | 0.00 | — | 0.02 | Oct 18, 2004 | slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | |||
| CVE-2004-1610 | 0.00 | — | 0.02 | Oct 18, 2004 | SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | |||
| CVE-2004-1611 | 0.00 | — | 0.02 | Oct 18, 2004 | SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password… | |||
| CVE-2004-1609 | 0.00 | — | 0.02 | Oct 18, 2004 | SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | |||
| CVE-2004-1607 | 0.00 | — | 0.02 | Oct 18, 2004 | slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message. | |||
| CVE-2004-1608 | 0.00 | — | 0.02 | Oct 18, 2004 | SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. | |||
| CVE-2004-1605 | 0.00 | — | 0.02 | Oct 14, 2004 | SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. |
- CVE-2004-1612Oct 18, 2004risk 0.03cvss —epss 0.03
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
- CVE-2000-0278Aug 3, 2000risk 0.03cvss —epss 0.05
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
- CVE-2004-1606Oct 18, 2004risk 0.00cvss —epss 0.02
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
- CVE-2004-1610Oct 18, 2004risk 0.00cvss —epss 0.02
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
- CVE-2004-1611Oct 18, 2004risk 0.00cvss —epss 0.02
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password…
- CVE-2004-1609Oct 18, 2004risk 0.00cvss —epss 0.02
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
- CVE-2004-1607Oct 18, 2004risk 0.00cvss —epss 0.02
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
- CVE-2004-1608Oct 18, 2004risk 0.00cvss —epss 0.02
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
- CVE-2004-1605Oct 14, 2004risk 0.00cvss —epss 0.02
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.