| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2004-1609 | 5.0 |
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 | |
| CVE-2004-1605 | 7.5 |
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
|
11-07-2017 - 01:31 | 14-10-2004 - 04:00 | |
| CVE-2004-1611 | 5.1 |
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2)
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 | |
| CVE-2004-1606 | 6.4 |
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 | |
| CVE-2004-1612 | 5.0 |
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 | |
| CVE-2004-1607 | 5.0 |
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 | |
| CVE-2004-1608 | 7.5 |
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
|
11-07-2017 - 01:31 | 18-10-2004 - 04:00 |