Lucene search
K
Layton TechnologyHelpbox

10 matches found

CVE
CVE
added 2012/12/12 11:0 a.m.57 views

CVE-2012-4971

CVE-2012-4971 describes multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0. The affected components include various ASP pages and parameters such as editrequestenduser.asp (reqclass), editrequestuser.asp (sys_request_id), enduseractions.asp (sys_request_id), enduserreopenrequeststatus...

7.5CVSS8.6AI score0.01193EPSS
CVE
CVE
added 2012/12/12 11:0 a.m.55 views

CVE-2012-4977

CVE-2012-4977 affects Layton Helpbox 4.4.0. The vulnerability allows remote attackers to obtain cleartext credentials from the login page by sniffing unencrypted network traffic. Root cause is unencrypted login handling. Impact is exposure of credentials during authentication. No remediation deta...

5CVSS6.9AI score0.01186EPSS
CVE
CVE
added 2012/12/12 11:0 a.m.53 views

CVE-2012-4976

Layton Helpbox 4.4.0 is affected by CVE-2012-4976. The vulnerable page is selectawasset.asp, where the querystring element=sys_asset_id is not properly sanitized during error-page construction, leading to disclosure of ODBC database credentials in cleartext. This credential exposure can allow an ...

5CVSS6.8AI score0.01186EPSS
CVE
CVE
added 2012/12/12 11:0 a.m.52 views

CVE-2012-4972

Layton Helpbox 4.4.0 is affected by cross-site scripting (XSS) vulnerabilities. Exploitable via writesolutionuser.asp (parameters: sys_solution_id, sys_requesttype_id, sys_problem_desc, sys_solution_desc, sys_problemsummary, usr_Action_testing, usr_Escalation, usr_Additional_Resources) and delete...

4.3CVSS5.8AI score0.01148EPSS
CVE
CVE
added 2008/01/09 9:0 p.m.50 views

CVE-2007-5403

CVE-2007-5403 affects Layton HelpBox 3.7.1 with multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote injection of arbitrary script/HTML via various form fields (Forename, Surname, Telephone, Fax; Asset, Location, Problem Desc, Solution Desc; End User, Description) and para...

3.5CVSS5.6AI score0.01082EPSS
CVE
CVE
added 2008/01/09 9:0 p.m.49 views

CVE-2007-5401

CVE-2007-5401 : Unrestricted file upload vulnerability in Layton HelpBox 3.7.1’s uploadrequest.asp allows remote attackers with authentication to upload and execute arbitrary ASP files due to improper validation of file extensions. The issue enables uploading executable server-side scripts and is...

6.5CVSS7AI score0.01108EPSS
CVE
CVE
added 2012/12/12 11:0 a.m.47 views

CVE-2012-4975

CVE-2012-4975 affects Layton Helpbox 4.4.0. An authorization bypass exists on editrequestuser.asp: by changing the sys_request_id parameter, a remote authenticated attacker can access and modify other users’ support-ticket data, effectively logging in as another user and altering data. The descri...

4CVSS6.4AI score0.00842EPSS
CVE
CVE
added 2005/11/21 11:0 a.m.45 views

CVE-2004-2551

CVE-2004-2551 describes multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1. The issue allows remote attackers to inject arbitrary SQL commands through a set of input parameters across various scripts (editcommentenduser.asp, editsuspensionuser.asp, export_data.asp, manageanalgrouppref...

7.5CVSS8.4AI score0.0229EPSS
CVE
CVE
added 2008/01/09 9:0 p.m.41 views

CVE-2007-5404

Layton HelpBox 3.7.1 is affected by a username enumeration flaw: authentication responses differ for valid vs. invalid usernames during failed login, enabling remote attackers to determine valid usernames. The CVE description from NVD confirms the issue and impact is limited to credential enumera...

5CVSS6.7AI score0.01186EPSS
CVE
CVE
added 2008/01/09 9:0 p.m.38 views

CVE-2007-5402

CVE-2007-5402 covers multiple SQL injection flaws in Layton HelpBox, affecting version 3.7.1 (and related references to 3.0.1) where an attacker could inject via parameters such as sys_request_id (editrequestenduser.asp, changerequeststatus.asp, editrequestuser.asp, requestcommentsuser.asp, usera...

6.5CVSS8AI score0.00932EPSS