24 matches found
CVE-2025-48473
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48480 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege `User::PERM_EDIT_USERS` can create a user, specifying the path to the user's avatar `../.htaccess` during creation, and then delete the user's...
PT-2025-14062
Name of the Vulnerable Software and Affected Versions JoomSky JS Help Desk versions n/a through 2.9.2 Description The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations For versions n/a through...
HESK Detection (HTTP)
HTTP based detection of HESK. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.148819");...
BMC Community Track-It! Authorization Issue Vulnerability
BMC Community Track-It! is IT help desk software from BMC Community USA. It is used for help desks with asset management. An authorization issue vulnerability exists in BMC Community Track-It! that originates in the GetData endpoint. The issue is caused due to a lack of...
SolarWinds Web Help Desk Security Vulnerability
SolarWinds Web Help Desk is a suite of help desk and asset management software from SolarWinds USA. The software supports features such as centralized knowledge base, IT asset management, project and task management. A security vulnerability exists in SolarWinds Web Help Desk 12.7.2, which can be...
Open Ticket Request System Reload Vulnerability
OTRS Open Technology Real Service is an open source help desk and IT service management solution. OTRS suffers from a reinstallation vulnerability. Because the program does not validate the installation, an attacker can exploit the vulnerability to reinstall the system and directly manipulate the...
JVN#50347324: ManageEngine ServiceDesk Plus vulnerable to cross-site scripting
ManageEngine ServiceDesk Plus provided by Zoho Corporation is a help desk software. ManageEngine ServiceDesk Plus contains a stored cross-site scripting CWE-79 vulnerability. Impact An arbitrary script may be executed on a web browser of a user that is logged in. Solution Update the software Upda...
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Vulnerability
Exploit for windows platform in category remote exploits Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...
ManageEngine ServiceDesk Plus 9.1 Build 9110 Path Traversal
Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use capability, ServiceDesk Plus helps IT support teams deliver world-class...
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal Exploit Title: ManageEngine ServiceDesk Plus Product Description ------------------- ServiceDesk Plus is an ITIL ready IT help desk software for organizations of all sizes. With advanced ITSM functionality and easy-to-use...
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!
Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities (see CERT VU#121036) and according to them BMC didn...
BMC Track-It! - Multiple Vulnerabilities
BMC Track-It! - Multiple Vulnerabilities Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro, Agile Information Security. The application exposes several .NET remoting...
Kayako eSupport 3.70.02 - SQL Injection Vulnerability
No description provided by source. Name :Kayako eSupport v3.70.02 SQL Injection Vulnerability Date : july 17,2010 Critical Level : HIGH vendor URL :http://www.kayako.com/solutions/esupport/ google dork:Help Desk Software by Kayako SupportSuite v3.70.02 Author : Sid3^effects aKa HaRi special thank...
Help Desk Software 1.1g - CSRF (add admin) Vulnerability
No description provided by source. Exploit Title: Help Request System 1.1g XSRF add admin Date: 08-23-2011 Google Dork: powered by freehelpdesk.org Author: G13 Software link: http://freehelpdesk.org/ Version: 1.1g html body form id=edit method=post...
virtual support office-xp <= 3.0.29 Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...
Kayako Script Config Download Vulnerability
Kayako Script version 4.57.1.3626 Configuration Can be Downloaded Exploit Title: Remote File Upload Kayako Script Google Dork: Powered by Kayako Fusion Help Desk Software Date: 08.10.2013 Exploit Author: Mauritania Attacker & Virusa Worm Vendor Homepage: http://www.kayako.com/ Software Link:...
Multiple vulnerabilities in Help Desk Software
Vulnerability ID: HTB23041 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinhelpdesksoftware.html Product: Help Desk Software Vendor: freehelpdesk.org http://freehelpdesk.org/ Vulnerable Version: 1.1b and probably prior Tested Version: 1.1b Vendor Notification: 17 August 2011...
Help Desk Software 1.1g - Cross-Site Request Forgery (Add Admin)
Help Desk Software 1.1g - Cross-Site Request Forgery Add Admin Exploit Title: Help Request System 1.1g XSRF add admin Date: 08-23-2011 Google Dork: "powered by freehelpdesk.org" Author: G13 Software link: http://freehelpdesk.org/ Version: 1.1g Name: Login name: Pass: Pass confirm:...
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...