8 matches found
CVE-2006-6999
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...
CVE-2006-6998
install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to 1 techs.php, 2 ticketcategory.php, 3 ticketpriority.php, 4 ticketworkflow.php, 5 ticketescalate.php, 6...
CVE-2007-4413
Direct static code injection vulnerability in admincp/userhelp.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a newentry value in the do parameter...
CVE-2007-4412
CVE-2007-4412 describes multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2. The issues allow remote authenticated users to inject arbitrary script/HTML via unspecified parameters to a set of PHP scripts (techs.php, ticket_category.php, ticket_priority.php, ti...
CVE-2006-6998
install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...
CVE-2006-6999
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter...
CVE-2006-6998
CVE-2006-6998 affects Headstart Solutions DeskPRO. The vulnerable file is install/loader_help.php, which can be accessed with a q=phpinfo QUERY_STRING to trigger phpinfo, allowing remote attackers to obtain configuration information. Documented impact is Partial Confidentiality with no integrity/...