7 matches found
CVE-2006-6973
CVE-2006-6973 affects Headstart Solutions DeskPRO. The vulnerability allows remote attackers to bypass authentication for administrative paths, enabling (1) reinstall via install/index.php, (2) database deletion via a crafted do=delete_database query on a renamed install/index.php, and (3)/(4) un...
CVE-2007-4412
CVE-2007-4412 describes multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2. The issues allow remote authenticated users to inject arbitrary script/HTML via unspecified parameters to a set of PHP scripts (techs.php, ticket_category.php, ticket_priority.php, ti...
CVE-2006-7000
CVE-2006-7000 relates to Headstart Solutions DeskPRO. Multiple endpoints (email/mail.php, includes/init.php, includes/cron/*, jpgraph.php, jpgraph_bar.php, jpgraph_pie.php, jpgraph_pie3d.php in includes/graph/) disclose the server’s full filesystem path via error messages. The vulnerability stems...
CVE-2006-6974
The CVE-2006-6974 entry concerns Headstart Solutions DeskPRO, where sensitive data is stored under the web root with insufficient access control. According to the sources, an attacker can directly request various files in includes/ (config.php, config.php.bak, and other includes/), read files in ...
CVE-2006-6998
CVE-2006-6998 affects Headstart Solutions DeskPRO. The vulnerable file is install/loader_help.php, which can be accessed with a q=phpinfo QUERY_STRING to trigger phpinfo, allowing remote attackers to obtain configuration information. Documented impact is Partial Confidentiality with no integrity/...
CVE-2006-6999
The CVE-2006-6999 entry concerns attachment.php in Headstart Solutions DeskPRO, where remote attackers can read all uploaded files by supplying a modified id parameter. The vulnerability is evidenced across multiple sources (NVD, Red Hat advisory, CVE listings) with the core issue being an insecu...
CVE-2007-4413
CVE-2007-4413: A direct static code injection vulnerability in admincp/user_help.php of Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. This CVE entry is supported by NVD and relat...