Help Center Live Multiple Vulnerabilities (SQLi, XSS, CSRF)

The remote host is running Help Center Live, a help desk written in PHP that suffers from multiple vulnerabilities: - Multiple SQL Injection Vulnerabilities The application fails in many cases to sanitize user- supplied input before using it in database queries. As long as PHP's 'magicquotesgpc'...

CVE-2004-2601

PHP remote file inclusion vulnerability in UberTec Help Center Live HCL allows remote attackers to read local files and possibly execute PHP code via a URL in the SKINinner parameter to inc/skin.php...

CVE-2004-2603

Cross-site scripting XSS vulnerability in the Search module in UberTec Help Center Live HCL allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php...

Help Center Live Multiple Vulnerabilities

Binary data 2477.prm...

Help Center Live Multiple Remote Vulnerabilities (Cmd Exec, XSS)

The remote host is running Help Center Live, a help desk application written in PHP. The remote version of this software is vulnerable to various flaws, including one that may allow an attacker to execute arbitrary commands on the remote host subject to the privileges of the web server user id...

[SA13652] Help Center Live Multiple Vulnerabilities

TITLE: Help Center Live Multiple Vulnerabilities SECUNIA ADVISORY ID: SA13652 VERIFY ADVISORY: http://secunia.com/advisories/13652/ CRITICAL: Highly critical IMPACT: Cross Site Scripting, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Help Center Live 1.x...

CVE-2001-0909

Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL...

CVE-2001-0909

CVE-2001-0909 : Affected software is Microsoft Help Center on Windows XP, vulnerable via a buffer overflow in the helpctr.exe component when processing a long hcp: URL. This could allow a remote attacker to execute arbitrary code. CVSS v2 base score is 7.5 (HIGH) with network access, low attack c...

Help Center Live < 2.1.0 osTicket Multiple SQL Injection

Binary data 3521.prm...

CVE-2004-0474

Help Center HelpCtr.exe may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue...

CVE-2004-0474

CVE-2004-0474 affects Help Center (HelpCtr.exe). A remote attacker can supply an http:// or file:// URL as the topic parameter in an hcp:// URL to read or execute arbitrary files. The provided documents do not specify affected versions, exploitation status, or remediation steps.

CVE-2004-0474

Help Center HelpCtr.exe may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue...

[Full-Disclosure] MS04-015 - Windows Help Center - Dvdupgrade

------------------------------------------------------------ - EXPL-A-2003-027 exploitlabs.com Advisory 027 - ------------------------------------------------------------ - Windows Help Center - Dvdupgrade - OVERVIEW ======== "Help and Support Center HSC is a feature in Windows that provides help...

Windows Help Center Dvdupgrade code execution

It's possible to execute any code via local zone scripting...

MS04-015: Microsoft Help Center Remote Code Execution (840374)

The remote host contains bugs in the Microsoft Help and Support Center in the way it handles HCP URL validation. 840374 An attacker could use this bug to execute arbitrary commands on the remote host. To exploit this bug, an attacker would need to lure a user of the remote host into visiting a...

Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs

Overview The Microsoft Help and Support Center HCP fails to properly handle HCP URL validation. Exploitation of this vulnerability may permit remote attackers to execute arbitrary code on the system with the privileges of the current user. Description Microsoft Windows XP and Server 2003 Help and...

CVE-2003-0907

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe...

Microsoft Window ME Help Center buffer overflow

Buffer overflow during hcp:// URL processing...

Security Bulletin MS02-060: Flaw in Windows XP Help and Support Center Could Enable File Deletion &#40;Q328940&#41;

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Flaw in Windows XP Help and Support Center Could Enable File Deletion Q328940 Date: 16 October 2002 Software: Microsoft Windows XP Impact: Delete files on the user's system Max Risk:...

File deletion via Windows XP Help Center

By usgin hcp:// URL it's possible to remove file sustem objects...