135 matches found
CVE-2007-2011
Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2007-2011
Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2007-2011
Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2007-2011
CVE-2007-2011 is a Cross-site Scripting (XSS) vulnerability affecting DeskPro 2.0.1, exploitable via the username parameter in login.php. The issue is documented across multiple sources (NVD/NVD-derived entries, CVE lists, and related advisories) with a CVSS v2 base score of 4.3 (Medium) indicati...
deskpro201-xss.txt
DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability DeskPRO v2.0.1 - Cross-Site Scripting Vulnerabilitydiscovered by John Martinelli alert1;"...
DeskPro 2.0.1 - login.php HTML Injection
DeskPro 2.0.1 - login.php HTML Injection source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context o...
DeskPro 2.0.1 - 'login.php' HTML Injection
source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing...
CVE-2007-1012
Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...
CVE-2007-1012
CVE-2007-1012 is a Cross-Site Scripting (XSS) vulnerability in DeskPRO 1.1.0, exploitable via the article parameter in faq.php. The issue stems from improper handling of user input, allowing remote attackers to inject arbitrary web script or HTML. The NVD notes a CVSSv2 base score of 4.3 (Medium)...
CVE-2007-1012
Cross-site scripting XSS vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter...
deskpro-xss.txt
hey guys .. check out this new xss i just found ;P Vulnerable : deskpro.com v1.1.0 web : http://www.deskpro.com, http://customers.qwk.net Version : v1.1.0 XSS : http://127.0.0.1/dp/faq.php?article="alert'bl4ck' Discovered By BLacK ZeRo K.S.A [email protected] Best regards ,,...
Deskpro 1.1 - 'faq.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22577/info Deskpro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Deskpro 1.1 - faq.php Cross-Site Scripting
Deskpro 1.1 - faq.php Cross-Site Scripting source: https://www.securityfocus.com/bid/22577/info Deskpro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
CVE-2006-7000
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to 1 email/mail.php, 2 includes/init.php, 3 certain files in includes/cron/, and 4 jpgraph.php, 5 jpgraphbar.php, 6 jpgraphpie.php, and 7 jpgraphpie3d.php in includes/graph/, which leaks the path in...
CVE-2006-6998
install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...
CVE-2006-6999
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...
CVE-2006-7000
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to 1 email/mail.php, 2 includes/init.php, 3 certain files in includes/cron/, and 4 jpgraph.php, 5 jpgraphbar.php, 6 jpgraphpie.php, and 7 jpgraphpie3d.php in includes/graph/, which leaks the path in...
CVE-2006-6999
The CVE-2006-6999 entry concerns attachment.php in Headstart Solutions DeskPRO, where remote attackers can read all uploaded files by supplying a modified id parameter. The vulnerability is evidenced across multiple sources (NVD, Red Hat advisory, CVE listings) with the core issue being an insecu...
CVE-2006-7000
CVE-2006-7000 relates to Headstart Solutions DeskPRO. Multiple endpoints (email/mail.php, includes/init.php, includes/cron/*, jpgraph.php, jpgraph_bar.php, jpgraph_pie.php, jpgraph_pie3d.php in includes/graph/) disclose the server’s full filesystem path via error messages. The vulnerability stems...