CVE-2004-2603

Cross-site scripting XSS vulnerability in the Search module in UberTec Help Center Live HCL allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php...

Help Center Live module.php file Parameter Local File Inclusion

The remote host is running Help Center Live, a help desk tool written in PHP. The remote version of Help Center Live fails to sanitize input to the 'file' parameter of the 'module.php' script before using it in a PHP includeonce function. Regardless of PHP's 'registerglobals' setting, an...

CVE-2005-3639

PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability...

CVE-2005-3639

PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability...

CVE-2005-3639

Summary: CVE-2005-3639 is a local/file inclusion vulnerability in the Help Center Live product, affecting the osTicket module prior to version 2.0.3. The issue arises from insufficient sanitization of the file parameter (path traversal risk) in the module.php flow, allowing remote attackers to re...

[SA17580] Help Center Live "file" Local File Inclusion Vulnerability

TITLE: Help Center Live "file" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA17580 VERIFY ADVISORY: http://secunia.com/advisories/17580/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Help Center Live 2.x...

Help Center Live 1.01.22.0 - module.php Local File Inclusion

Help Center Live 1.01.22.0 - module.php Local File Inclusion source: https://www.securityfocus.com/bid/15404/info Help Center Live is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

helpcenterBad.txt

GulfTech Security Research May 17th, 2005 Vendor : Michael Bird URL : http://www.helpcenterlive.com/ Version : Help Center Live All Versions Risk : Multiple Vulnerabilities Description: Help Center Live is a Live help desk system written in PHP using a MySql database backend that features Live...

CVE-2005-1674

Cross-Site Request Forgery CSRF vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php...

CVE-2005-1674

Cross-Site Request Forgery CSRF vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php...

CVE-2005-1672

Help Center Live (PHP-based live help desk with a MySQL backend) is affected by multiple cross-site scripting (XSS) vulnerabilities identified as CVE-2005-1672. The XSS can be triggered by untrusted input in several fields: the find parameter to index.php, the name or message field of a chat requ...

CVE-2005-1674

CVE-2005-1674 : The provided documents describe a Cross-Site Request Forgery in Help Center Live (view.php) that allows a remote attacker to perform administrator actions via a link or IMG tag. The Red Hat, CVE, CVE List, Exploit-DB, and Nessus entries concur on the vulnerability class and affect...

CVE-2005-1672

Multiple cross-site scripting XSS vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the 1 find parameter to index.php, 2 name or 3 message field of a chat request, or 4 the message body when opening a trouble ticket...

CVE-2005-1673

CVE-2005-1673 affects Help Center Live (PHP/MySQL) with multiple SQL injection flaws (e.g., id in index.php, tid in view.php, fid in download.php/chat_download.php, status in icon.php, TICKET_tid in index.php/view.php). Root cause: insufficient input sanitization in several parameters leading to ...

CVE-2005-1673

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to index.php, 2 tid parameter to view.php, fid parameter to 3 download.php or 4 chatdownload.php, 5 status parameter to icon.php, TICKETtid parameter to 6...

CVE-2005-1674

Cross-Site Request Forgery CSRF vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php...

CVE-2005-1672

Multiple cross-site scripting XSS vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the 1 find parameter to index.php, 2 name or 3 message field of a chat request, or 4 the message body when opening a trouble ticket...

CVE-2005-1673

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to index.php, 2 tid parameter to view.php, fid parameter to 3 download.php or 4 chatdownload.php, 5 status parameter to icon.php, TICKETtid parameter to 6...

PT-2005-2651 · Help Center Live · Help Center Live

Name of the Vulnerable Software and Affected Versions: Help Center Live affected versions not specified Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This allows remote attackers to perform actions as the administrator via a link or IMG tag to "view.php"...

[SA15401] Help Center Live Multiple Vulnerabilities

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Help Center Live Multiple Vulnerabilities SECUNIA...