Cerberus Helpdesk Security Vulnerabilities and Issues — Cerberus Helpdesk CVE List

Lucene search

CerberusCerberus Helpdesk

9 matches found

CVE•added 2009/03/06 6:30 p.m.•45 views

CVE-2008-6440

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs.

5CVSS6.5AI score0.00282EPSS

CVE•added 2006/10/20 5:7 p.m.•44 views

CVE-2006-5428

rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.

5CVSS6.3AI score0.04248EPSS

CVE•added 2005/11/05 11:2 a.m.•42 views

CVE-2005-3502

attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.

5CVSS7AI score0.00619EPSS

CVE•added 2005/06/16 4:0 a.m.•38 views

CVE-2005-1962

Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.

4.3CVSS5.9AI score0.00409EPSS

CVE•added 2006/02/01 11:2 p.m.•38 views

CVE-2006-0509

Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.

4.3CVSS6AI score0.06618EPSS

CVE•added 2005/12/20 11:3 p.m.•37 views

CVE-2005-4427

Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (...

7.5CVSS8.5AI score0.02653EPSS

CVE•added 2005/12/20 11:3 p.m.•36 views

CVE-2005-4428

Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.

4.3CVSS5.7AI score0.00527EPSS

CVE•added 2005/06/16 4:0 a.m.•34 views

CVE-2005-1963

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.

5CVSS6.7AI score0.0059EPSS

CVE•added 2006/09/05 11:4 p.m.•27 views

CVE-2006-4539

(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: ...

7.5CVSS6.9AI score0.00562EPSS