35 matches found
CVE-2025-60232 WordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through = 8.0.5...
EUVD-2015-4098
Malware in sbrugna...
VulnCheck KEV: CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
Code injection
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task...
Directory traversal
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
CVE-2015-4072
Multiple cross-site scripting XSS vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message...
CVE-2015-4075
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task...
Sql injection
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the 1 ticketcode or 2 email parameter or 3 remote authenticated users to execute arbitrary SQL commands via the filterorder parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message...
CVE-2015-4074
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task...
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the 1 ticketcode or 2 email parameter or 3 remote authenticated users to execute arbitrary SQL commands via the filterorder parameter...
CVE-2015-4074
CVE-2015-4074 is a proven Local File Inclusion / path traversal vulnerability in the Joomla! Helpdesk Pro plugin < 1.4.0. The issue allows reading arbitrary files via a .. in the filename parameter of the ticket.download_attachment task. Affected software: Joomla! Helpdesk Pro plugin versions ...
CVE-2015-4075
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task...
CVE-2015-4072
CVE-2015-4072 affects the Joomla! Helpdesk Pro plugin prior to version 1.4.0. The vulnerability is described as cross-site scripting (XSS) via input fields related to name and message, allowing remote attackers to inject arbitrary scripts. The root cause is an XSS condition in the plugin’s handli...
CVE-2015-4073
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the 1 ticketcode or 2 email parameter or 3 remote authenticated users to execute arbitrary SQL commands via the filterorder parameter...
CVE-2015-4075
CVE-2015-4075 – Joomla! Helpdesk Pro (
CVE-2015-4072
Multiple cross-site scripting XSS vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message...
CVE-2015-4073
CVE-2015-4073 refers to SQL injection weaknesses in the Joomla! Helpdesk Pro plugin (before version 1.4.0). The affected component is the Helpdesk Pro Joomla! plugin; the root cause is improper handling of user input in SQL queries, allowing remote attackers to inject arbitrary SQL via (1) ticket...
CVE-2015-4071
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://target/component/helpdeskpro/?view=ticket&id=ticketId...
Code injection
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://target/component/helpdeskpro/?view=ticket&id=ticketId...