1164 matches found
Cerberus Helpdesk 0.97.3/2.6.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13897/info Cerberus Helpdesk is affected by various cross-site scripting vulnerabilities. These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile...
CVE-2004-2737
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter...
Cerberus Helpdesk < Cerberus Helpdesk 4.0 Build 603
Binary data 4519.prm...
Polar HelpDesk Authentication Bypass
The remote server is running Polar HelpDesk. There is a flaw in the remote version of this software that may allow an attacker to bypass the authentication mechanism of this software and gain administrative access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. UNTESTED...
netsupportDNA.txt
NetSupport DNA HelpDesk SQL Injection Summary DNA Helpdesk is "a fully web based solution providing detailed recording and tracking of user Help Requests". We found the product to contain at least one exploitable SQL Injection vulnerability that would allow a normal user to at the very least gain...
LBEhelpdesk.txt
LBE Web HelpDesk SQL Injection Summary Leigh Business Enterprises's Web HelpDesk is "operated entirely through your web browser and is designed to be used by both your support staff and your customers". We found the product to contain at least one exploitable SQL Injection vulnerability that woul...
polarHelp.txt
Polar HelpDesk Inadequate Security Checks Summary Polar HelpDesk is "a software solution for implementation of a help desk support system on your web site". We found the product to inadequately verify whether the user logged on to the system provided username and password or the privileges that t...
Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection
Leigh Business Enterprises Web HelpDesk 4.0 - SQL Injection source: https://www.securityfocus.com/bid/10773/info LBE Web HelpDesk is reported susceptible to an SQL injection vulnerability. This issue is due to improper sanitization of user-supplied data. This issue may allow a remote attacker to...
[NT] LBE Web HelpDesk SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[NT] Polar HelpDesk Inadequate Security Checks
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
source: https://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based entirely on the values read from a cookie that is saved on th...
NetSupport DNA HelpDesk 1.0 Problist Script - SQL Injection
source: https://www.securityfocus.com/bid/10772/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This vulnerability exists due to insufficient...
CVE-2003-0303
SQL injection vulnerability in one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter...
CVE-2003-0304
one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script...
OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection
The remote host is running OneOrZero, an online helpdesk. There are multiple flaws in this software that could allow an attacker to insert arbitrary SQL commands in the remote database, or even to gain administrative privileges on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Re...
CVE-2003-0303
SQL injection vulnerability in one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter...
CVE-2003-0303
CVE-2003-0303 corresponds to a SQL injection in OneOrZero Helpdesk 1.4 RC4. The vulnerability allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter (tupdate.php), affecting the integrity of the helpdesk data without affecting confidentiality. Connected source...
CVE-2003-0304
one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script...
CVE-2003-0304
The CVE-2003-0304 entry concerns One||Zero Helpdesk 1.4 rc4, where remote attackers can create administrator accounts by directly invoking the Helpdesk Installation script (install.php). The vulnerability arises from improper handling of installation script execution, enabling privilege escalatio...
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection source: https://www.securityfocus.com/bid/7609/info An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before...