12 matches found
CVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote Code Execution (RCE) b...
Tendenci code issues and vulnerabilities
Tendenci is a software solution developed by the Tendenci company in the United States, primarily used for managing associations of non-profit organizations and institutions. This software supports functions such as member management, content management, event management, and online donation...
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in the Tendenci Helpdesk module (NOTE: by default, Helpdesk is NOT enabled), affecting version 15.3.11 and earlier. This vulnerability allows remote code execution (RCE) by an authenticated user with staff security level due to using Python's pickle...
EUVD-2005-3814
Malware in sbrugna...
EUVD-2006-4575
Malware in sbrugna...
PT-2021-17936 · Qnap Systems · Qnap Helpdesk +1
Name of the Vulnerable Software and Affected Versions: QNAP Systems Inc. Helpdesk versions prior to 3.0.4 Description: An improper access control issue has been reported, affecting QNAP NAS. This issue allows remote attackers to compromise the security of the software. Recommendations: For versio...
PYSEC-2020-112
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py...
TeemIp - IP Address Management Solution
All network administrators recognize how important it is to have a well-managed IP space: a comprehensive and up-to-date inventory of all subnets and IPs used in a network, as well as clear and simple processes to request, change or release IPs, are underlying key factors for a trouble free...
phpCOIN 1.2 mod.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12686/info Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality. An attacker may levera...
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module...
CVE-2006-4587
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module...
CVE-2005-3819
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) username and (2) date parameter in the HelpDesk module...