10 matches found
CVE-2012-4971
CVE-2012-4971 describes multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0. The affected components include various ASP pages and parameters such as editrequestenduser.asp (reqclass), editrequestuser.asp (sys_request_id), enduseractions.asp (sys_request_id), enduserreopenrequeststatus...
CVE-2012-4977
CVE-2012-4977 affects Layton Helpbox 4.4.0. The vulnerability allows remote attackers to obtain cleartext credentials from the login page by sniffing unencrypted network traffic. Root cause is unencrypted login handling. Impact is exposure of credentials during authentication. No remediation deta...
CVE-2012-4976
Layton Helpbox 4.4.0 is affected by CVE-2012-4976. The vulnerable page is selectawasset.asp, where the querystring element=sys_asset_id is not properly sanitized during error-page construction, leading to disclosure of ODBC database credentials in cleartext. This credential exposure can allow an ...
CVE-2012-4972
Layton Helpbox 4.4.0 is affected by cross-site scripting (XSS) vulnerabilities. Exploitable via writesolutionuser.asp (parameters: sys_solution_id, sys_requesttype_id, sys_problem_desc, sys_solution_desc, sys_problemsummary, usr_Action_testing, usr_Escalation, usr_Additional_Resources) and delete...
CVE-2007-5403
CVE-2007-5403 affects Layton HelpBox 3.7.1 with multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote injection of arbitrary script/HTML via various form fields (Forename, Surname, Telephone, Fax; Asset, Location, Problem Desc, Solution Desc; End User, Description) and para...
CVE-2007-5401
CVE-2007-5401 : Unrestricted file upload vulnerability in Layton HelpBox 3.7.1’s uploadrequest.asp allows remote attackers with authentication to upload and execute arbitrary ASP files due to improper validation of file extensions. The issue enables uploading executable server-side scripts and is...
CVE-2012-4975
CVE-2012-4975 affects Layton Helpbox 4.4.0. An authorization bypass exists on editrequestuser.asp: by changing the sys_request_id parameter, a remote authenticated attacker can access and modify other users’ support-ticket data, effectively logging in as another user and altering data. The descri...
CVE-2004-2551
CVE-2004-2551 describes multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1. The issue allows remote attackers to inject arbitrary SQL commands through a set of input parameters across various scripts (editcommentenduser.asp, editsuspensionuser.asp, export_data.asp, manageanalgrouppref...
CVE-2007-5404
Layton HelpBox 3.7.1 is affected by a username enumeration flaw: authentication responses differ for valid vs. invalid usernames during failed login, enabling remote attackers to determine valid usernames. The CVE description from NVD confirms the issue and impact is limited to credential enumera...
CVE-2007-5402
CVE-2007-5402 covers multiple SQL injection flaws in Layton HelpBox, affecting version 3.7.1 (and related references to 3.0.1) where an attacker could inject via parameters such as sys_request_id (editrequestenduser.asp, changerequeststatus.asp, editrequestuser.asp, requestcommentsuser.asp, usera...