22 matches found
EUVD-2005-2463
Malware in sbrugna...
EUVD-2005-2461
Malware in sbrugna...
EUVD-2005-2464
Malware in sbrugna...
EUVD-2005-2462
Malware in sbrugna...
Kayako LiveResponse 2.0 index.php Calendar Feature Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors. The cross-site scripting and HTML...
Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities
GulfTech Security Research August 09, 2008 Vendor : Kayako Infotech Ltd. URL : http://www.kayako.com/ Version : Kayako SupportSuite 3.30.00 Risk : Multiple Vulnerabilities Description: Kayako SupportSuite is a very popular online eSupport application that consists of several well known Kayako...
CVE-2005-2462
Kayako LiveResponse 2.x is affected by a vulnerability where, during user login, the password is recorded in plaintext in the URL. This enables local users and possibly remote attackers to gain privileges and access sensitive information. The issue is discussed across multiple sources, and relate...
CVE-2005-2460
CVE-2005-2460 affects Kayako LiveResponse 2.x. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the username parameter or the name field when a user enters a session or sends a message. NVD metrics indicate a medium severity (base score 5.8) with network vector, no authentic...
CVE-2005-2461
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the 1 year or 2 date parameter...
CVE-2005-2461
CVE-2005-2461 concerns Kayako LiveResponse 2.x, where the calendar feature exposes multiple SQL injection flaws exploitable via the (1) year or (2) date parameters. The NVD entry notes remote, unauthenticated access with network vector and low attack complexity, leading to potentially partial con...
CVE-2005-2463
Kayako LiveResponse 2.x vulnerability (CVE-2005-2463) lets remote attackers obtain sensitive information by directly requesting addressbook.php and other include scripts, with the path exposed in an error message. Affected software: Kayako LiveResponse 2.x. Impact: information disclosure with par...
CVE-2005-2463
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message...
CVE-2005-2460
Multiple cross-site scripting XSS vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter or 2 name field when entering a session or sending a message...
CVE-2005-2461
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the 1 year or 2 date parameter...
CVE-2005-2463
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message...
CVE-2005-2462
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges...
kayakoBad.txt
GulfTech Security Research July 30th, 2005 Vendor : Kayako Web Solutions URL : http://www.kayako.com/ Version : Kayako liveResponse v2.x Risk : Multiple Vulnerabilities Description: Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There a...
Kayako LiveResponse Multiple Vulnerabilities
The remote host is running Kayako LiveResponse, a web-based live support system. The installed version of Kayako LiveResponse on the remote host fails to sanitize user-supplied input to many parameters / scripts, which makes the application vulnerable to SQL injection and cross-site scripting...
Kayako liveResponse Multiple Vulnerabilities
GulfTech Security Research July 30th, 2005 Vendor : Kayako Web Solutions URL : http://www.kayako.com/ Version : Kayako liveResponse v2.x Risk : Multiple Vulnerabilities Description: Kayako liveResponse is a web based application aimed at providing live support for websites and businesses. There a...
Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for...