18 matches found
EUVD-2012-4899
Malware in sbrugna...
EUVD-2012-4898
Malware in sbrugna...
CVE-2012-4976
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
CVE-2012-4977
Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network...
CVE-2012-4976
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
CVE-2012-4977
Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) syssolutionid, (2) sysrequesttypeid, (3) sysproblemdesc, (4) syssolutiondesc, (5) sysproblemsummary, (6) usrActiontesting, (7) usrEscalation, or (8)...
SQL injection
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sysrequestid parameter to editrequestuser.asp; the (3) sysrequestid parameter to enduseractions.asp; the (4) sysrequest...
Design/Logic Flaw
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
CVE-2012-4972
Layton Helpbox 4.4.0 is affected by cross-site scripting (XSS) vulnerabilities. Exploitable via writesolutionuser.asp (parameters: sys_solution_id, sys_requesttype_id, sys_problem_desc, sys_solution_desc, sys_problemsummary, usr_Action_testing, usr_Escalation, usr_Additional_Resources) and delete...
CVE-2012-4974
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie...
CVE-2012-4971
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sysrequestid parameter to editrequestuser.asp; the (3) sysrequestid parameter to enduseractions.asp; the (4) sysrequest...
CVE-2012-4975
CVE-2012-4975 affects Layton Helpbox 4.4.0. An authorization bypass exists on editrequestuser.asp: by changing the sys_request_id parameter, a remote authenticated attacker can access and modify other users’ support-ticket data, effectively logging in as another user and altering data. The descri...
CVE-2012-4976
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sysassetid request, which is not properly handled during construction of an error page...
Layton Helpbox 4.4.0 SQL Injection
Layton Helpbox 4.4.0 Multiple SQL Injection Points by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to multiple SQL injection vulnerabilities. CVE number: CVE-2012-4971 Impact: High Vendor homepage: http://www.laytontechnology.com Vendor notified:...
Layton Helpbox 4.4.0 Authorization Bypass
Layton Helpbox 4.4.0 Authorisation Bypass Vulnerability by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to an authorisation bypass vulnerability. CVE number: CVE-2012-4975 Impact: Medium Vendor homepage: http://www.laytontechnology.com Vendor notified:...
Layton Helpbox 4.4.0 Cross Site Scripting
Layton Helpbox 4.4.0 Reflected Cross-Site Scripting by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to a reflected cross-site scripting vulnerability. CVE number: CVE-2012-4972 Impact: Medium Vendor homepage: http://www.laytontechnology.com Vendor...
Layton Helpbox 4.4.0 Password Disclosure
Layton Helpbox 4.4.0 Password Disclosure Vulnerability by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to a password disclosure vulnerability in an error page. CVE number: CVE-2012-4976 Impact: High Vendor homepage: http://www.laytontechnology.com Vendor...