69 matches found
PT-2023-22666 · Unknown · Helpdezk Community
Name of the Vulnerable Software and Affected Versions: HelpDezk Community version 1.1.10 Description: The issue is related to a SQL injection vulnerability that could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the "jsonGrid route" and extract all the...
CVE-2014-8337
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified...
Unrestricted file upload
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified...
CVE-2014-8337
CVE-2014-8337 affects HelpDEZk 1.0.1 and earlier due to an unrestricted upload of files with dangerous extensions in /includes/classes/uploadify-v2.1.4/uploadify.php . The vulnerability arises from lack of validation of file extensions, enabling a remote attacker to upload arbitrary files and the...
Helpdezk 1.1.1 - Arbitrary File Upload
Helpdezk 1.1.1 - Arbitrary File Upload Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1...
Helpdezk 1.1.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category:...
Helpdezk 1.1.1 Shell Upload
Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category: Webapps Tested on:...
Helpdezk 1.1.1 - Arbitrary File Upload
Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category: Webapps Tested on:...
Helpdezk 1.1.1 SQL Injection
Exploit Title: Helpdezk 1.1.1 - 'query' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category: Webapps Tested on:...
Helpdezk 1.1.1 - query SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Helpdezk 1.1.1 - 'query' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category:...
HelpDEZk File Upload Vulnerability
HelpDEZk is a suite of PHP-based software for managing requests and events. The software manages workflow, logging process and maintenance history through a shared service center. A file upload vulnerability exists in HelpDEZk version 1.1.1. A remote attacker can exploit this vulnerability by...
HelpDEZk SQL Injection Vulnerability
HelpDEZk is a suite of PHP-based software for managing requests and events. The software manages workflow, logging process and maintenance history through a shared service center. A SQL injection vulnerability exists in the app\modules\admin\controllers\loginController.php file in HelpDEZk versio...
CVE-2017-14145
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATHINFO, related to the selectWarning function...
CVE-2017-14146
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory...
Directory traversal
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory...
CVE-2017-14145
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATHINFO, related to the selectWarning function...
CVE-2017-14146
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory...
Sql injection
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATHINFO, related to the selectWarning function...
CVE-2017-14145
HelpDEZk 1.1.1 has a SQL Injection vulnerability in app/modules/admin/controllers/loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. The initial records (CVE-2017-14145) enumerate high-severity impact (C/P/I/A partial) with CVSS2/3 scores ...
CVE-2017-14145
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATHINFO, related to the selectWarning function...