Lucene search
+L

135 matches found

attackerkb
attackerkb
added 2007/04/12 7:19 p.m.3 views

CVE-2007-2011

Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

4.3CVSS5.7AI score0.01871EPSS
Exploits1References8
nvd
nvd
added 2007/04/12 7:19 p.m.16 views

CVE-2007-2011

Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

4.3CVSS5.7AI score0.01871EPSS
Exploits1References7
cvelist
cvelist
added 2007/04/12 7:0 p.m.25 views

CVE-2007-2011

Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

5.7AI score0.01871EPSS
Exploits1References7
cve
cve
added 2007/04/12 7:0 p.m.54 views

CVE-2007-2011

CVE-2007-2011 is a Cross-site Scripting (XSS) vulnerability affecting DeskPro 2.0.1, exploitable via the username parameter in login.php. The issue is documented across multiple sources (NVD/NVD-derived entries, CVE lists, and related advisories) with a CVSS v2 base score of 4.3 (Medium) indicati...

4.3CVSS5.7AI score0.01871EPSS
Exploits1References7Affected Software1
packetstorm
packetstorm
added 2007/04/10 12:0 a.m.17 views

deskpro201-xss.txt

DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability DeskPRO v2.0.1 - Cross-Site Scripting Vulnerabilitydiscovered by John Martinelli alert1;"...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/04/09 12:0 a.m.9 views

DeskPro 2.0.1 - login.php HTML Injection

DeskPro 2.0.1 - login.php HTML Injection source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context o...

7.6AI score
Exploits0
exploitdb
exploitdb
added 2007/04/09 12:0 a.m.23 views

DeskPro 2.0.1 - 'login.php' HTML Injection

source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing...

7AI score
Exploits0
nvd
nvd
added 2007/02/21 11:28 a.m.15 views

CVE-2007-1012

Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...

4.3CVSS5.7AI score0.01028EPSS
Exploits0References4
prion
prion
added 2007/02/21 11:28 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...

4.3CVSS6.1AI score0.01028EPSS
Exploits0References4Affected Software1
cve
cve
added 2007/02/21 11:0 a.m.45 views

CVE-2007-1012

CVE-2007-1012 is a Cross-Site Scripting (XSS) vulnerability in DeskPRO 1.1.0, exploitable via the article parameter in faq.php. The issue stems from improper handling of user input, allowing remote attackers to inject arbitrary web script or HTML. The NVD notes a CVSSv2 base score of 4.3 (Medium)...

4.3CVSS5.7AI score0.01028EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2007/02/21 11:0 a.m.25 views

CVE-2007-1012

Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...

5.7AI score0.01028EPSS
Exploits0References4
packetstorm
packetstorm
added 2007/02/16 12:0 a.m.25 views

deskpro-xss.txt

hey guys .. check out this new xss i just found ;P Vulnerable : deskpro.com v1.1.0 web : http://www.deskpro.com, http://customers.qwk.net Version : v1.1.0 XSS : http://127.0.0.1/dp/faq.php?article="alert'bl4ck' Discovered By BLacK ZeRo K.S.A [email protected] Best regards ,,...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2007/02/15 12:0 a.m.18 views

Deskpro 1.1 - 'faq.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22577/info Deskpro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/02/15 12:0 a.m.12 views

Deskpro 1.1 - faq.php Cross-Site Scripting

Deskpro 1.1 - faq.php Cross-Site Scripting source: https://www.securityfocus.com/bid/22577/info Deskpro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8AI score
Exploits0
nvd
nvd
added 2007/02/12 5:28 p.m.16 views

CVE-2006-7000

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to 1 email/mail.php, 2 includes/init.php, 3 certain files in includes/cron/, and 4 jpgraph.php, 5 jpgraphbar.php, 6 jpgraphpie.php, and 7 jpgraphpie3d.php in includes/graph/, which leaks the path in...

5CVSS6.6AI score0.0114EPSS
Exploits1References1
nvd
nvd
added 2007/02/12 5:28 p.m.21 views

CVE-2006-6998

install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...

5CVSS6.3AI score0.01076EPSS
Exploits0References1
nvd
nvd
added 2007/02/12 5:28 p.m.12 views

CVE-2006-6999

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...

4.3CVSS6.5AI score0.01037EPSS
Exploits1References1
cvelist
cvelist
added 2007/02/12 5:0 p.m.20 views

CVE-2006-7000

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to 1 email/mail.php, 2 includes/init.php, 3 certain files in includes/cron/, and 4 jpgraph.php, 5 jpgraphbar.php, 6 jpgraphpie.php, and 7 jpgraphpie3d.php in includes/graph/, which leaks the path in...

6.6AI score0.0114EPSS
Exploits1References1
cve
cve
added 2007/02/12 5:0 p.m.41 views

CVE-2006-6999

The CVE-2006-6999 entry concerns attachment.php in Headstart Solutions DeskPRO, where remote attackers can read all uploaded files by supplying a modified id parameter. The vulnerability is evidenced across multiple sources (NVD, Red Hat advisory, CVE listings) with the core issue being an insecu...

4.3CVSS6.5AI score0.01037EPSS
Exploits1References1Affected Software1
cve
cve
added 2007/02/12 5:0 p.m.51 views

CVE-2006-7000

CVE-2006-7000 relates to Headstart Solutions DeskPRO. Multiple endpoints (email/mail.php, includes/init.php, includes/cron/*, jpgraph.php, jpgraph_bar.php, jpgraph_pie.php, jpgraph_pie3d.php in includes/graph/) disclose the server’s full filesystem path via error messages. The vulnerability stems...

5CVSS6.6AI score0.0114EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder