CVE-2010-3498

AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to...

CVE-2010-3496

McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection...

CVE-2010-1373

Cross-site scripting XSS vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."...

CVE-2011-5155

Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 allows local users to gain privileges via a Trojan horse ijl15.dll file in the current working directory, as demonstrated by a directory that contains a .hmxz, .hmxp, .hmskin, .hmx, .hm3, .hpj, .hlp, or .chm file. NOTE: some of...

CVE-2011-0785

Unspecified vulnerability in the Oracle Help component in Oracle Database Server 11.1.0.7, 11.2.0.1, 11.2.0.2, 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, and 10.1.0.5; and Oracle Fusion Middleware 11.1.1.2.0, 11.1.1.3.0, and 11.1.1.4.0 allows remote attackers to affect integrity via unknown vectors...

CVE-2005-1673

Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to index.php, 2 tid parameter to view.php, fid parameter to 3 download.php or 4 chatdownload.php, 5 status parameter to icon.php, TICKETtid parameter to 6...

CVE-2009-0303

Cross-site scripting XSS vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa...

CVE-2005-2017

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540...

CVE-2002-2083

The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen...

CVE-2005-4025

Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

[SECURITY] Fedora 42 Update: yelp-xsl-42.1-7.fc42

This package contains XSL stylesheets that are used by the yelp help browser...

[SECURITY] Fedora 42 Update: yelp-42.2-9.fc42

Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook...

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu...

PT-2025-22402

Name of the Vulnerable Software and Affected Versions Vasco versions 3.14 and earlier Description The issue allows a remote attacker to obtain sensitive information via the help menu. This is due to a Local File Inclusion vulnerability. Recommendations For versions 3.14 and earlier, consider...

Vasco Self-Service Portal 安全漏洞

Vasco Self-Service Portal is a self-service portal from Vasco, Inc. A security vulnerability exists in Vasco Self-Service Portal v3.14 and earlier versions, which originates from a local file inclusion in the Help menu and could lead to the disclosure of sensitive information...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

Important: yelp and yelp-xsl security update

Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook. Security Fixes: yelp: Arbitrary file read CVE-2025-3155 For more details...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...