Customer Support System 1.0 - Stored XSS Vulnerability

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

Customer Support System 1.0 Cross Site Scripting

Exploit Title: Customer Support System 1.0 - XSS Cross-Site Scripting Vulnerability in the "subject" at "ticketlist" Date: 28/11/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...

CVE-2021-42137

An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc...

Privilege escalation

An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc...

Zammad 安全漏洞

Zammad is a suite of ticket management software from Zammad, a German company. Zammad is vulnerable to authorization issues in versions prior to 5.0.1, which stem from a lack of authentication measures or insufficient authentication strength in the network system or product. An attacker could use...

Quest Software KACE Systems Management Appliance Server Center SQL Injection Vulnerability (CNVD-2020-20171)

Quest Software KACE Systems Management Appliance SMA is a systems management appliance from Quest Software, USA. It supports IT asset management, server management and monitoring, software license management, patch management, etc. Server Center is one of the help desk programs. Quest Software KA...

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...

CVE-2019-13076

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticketlist.php, and affected parameters are order0column and order0dir...