15 matches found
EUVD-2007-4395
Malware in sbrugna...
EUVD-2006-6955
Malware in sbrugna...
EUVD-2006-6981
Malware in sbrugna...
EUVD-2007-4396
Malware in sbrugna...
CVE-2006-6999
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...
CVE-2006-6998
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function...
CVE-2006-6974
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; rea...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticketcategory.php, (3) ticketpriority.php, (4) ticketworkflow.php, (5) ticketescalate.php, (6)...
CVE-2007-4413
Direct static code injection vulnerability in admincp/userhelp.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a newentry value in the do parameter...
CVE-2007-4412
CVE-2007-4412 describes multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2. The issues allow remote authenticated users to inject arbitrary script/HTML via unspecified parameters to a set of PHP scripts (techs.php, ticket_category.php, ticket_priority.php, ti...
DeskPRO Admin Panel Multiple HTML Injections
HSC DeskPRO Admin Panel Multiple HTML Injections. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks....
CVE-2006-6998
install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function...
CVE-2006-6999
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...
CVE-2006-6998
CVE-2006-6998 affects Headstart Solutions DeskPRO. The vulnerable file is install/loader_help.php, which can be accessed with a q=phpinfo QUERY_STRING to trigger phpinfo, allowing remote attackers to obtain configuration information. Documented impact is Partial Confidentiality with no integrity/...
CVE-2006-6974
The CVE-2006-6974 entry concerns Headstart Solutions DeskPRO, where sensitive data is stored under the web root with insufficient access control. According to the sources, an attacker can directly request various files in includes/ (config.php, config.php.bak, and other includes/), read files in ...