Lucene search
K
Headstart SolutionsDeskpro

7 matches found

CVE
CVE
added 2007/02/07 8:0 p.m.65 views

CVE-2006-6973

CVE-2006-6973 affects Headstart Solutions DeskPRO. The vulnerability allows remote attackers to bypass authentication for administrative paths, enabling (1) reinstall via install/index.php, (2) database deletion via a crafted do=delete_database query on a renamed install/index.php, and (3)/(4) un...

7.5CVSS6.9AI score0.01342EPSS
Web
CVE
CVE
added 2007/08/18 9:0 p.m.55 views

CVE-2007-4412

CVE-2007-4412 describes multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2. The issues allow remote authenticated users to inject arbitrary script/HTML via unspecified parameters to a set of PHP scripts (techs.php, ticket_category.php, ticket_priority.php, ti...

3.5CVSS5.6AI score0.00842EPSS
CVE
CVE
added 2007/02/12 5:0 p.m.49 views

CVE-2006-7000

CVE-2006-7000 relates to Headstart Solutions DeskPRO. Multiple endpoints (email/mail.php, includes/init.php, includes/cron/*, jpgraph.php, jpgraph_bar.php, jpgraph_pie.php, jpgraph_pie3d.php in includes/graph/) disclose the server’s full filesystem path via error messages. The vulnerability stems...

5CVSS6.6AI score0.0114EPSS
CVE
CVE
added 2007/02/07 8:0 p.m.47 views

CVE-2006-6974

The CVE-2006-6974 entry concerns Headstart Solutions DeskPRO, where sensitive data is stored under the web root with insufficient access control. According to the sources, an attacker can directly request various files in includes/ (config.php, config.php.bak, and other includes/), read files in ...

7.5CVSS7AI score0.01272EPSS
Web
CVE
CVE
added 2007/02/12 5:0 p.m.41 views

CVE-2006-6998

CVE-2006-6998 affects Headstart Solutions DeskPRO. The vulnerable file is install/loader_help.php, which can be accessed with a q=phpinfo QUERY_STRING to trigger phpinfo, allowing remote attackers to obtain configuration information. Documented impact is Partial Confidentiality with no integrity/...

5CVSS6.3AI score0.01076EPSS
Web
CVE
CVE
added 2007/02/12 5:0 p.m.41 views

CVE-2006-6999

The CVE-2006-6999 entry concerns attachment.php in Headstart Solutions DeskPRO, where remote attackers can read all uploaded files by supplying a modified id parameter. The vulnerability is evidenced across multiple sources (NVD, Red Hat advisory, CVE listings) with the core issue being an insecu...

4.3CVSS6.5AI score0.01037EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.41 views

CVE-2007-4413

CVE-2007-4413: A direct static code injection vulnerability in admincp/user_help.php of Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter. This CVE entry is supported by NVD and relat...

3.5CVSS6.8AI score0.00847EPSS
Web