Helpbox@4.4.0 Security Vulnerabilities and Issues — Helpbox@4.4.0 CVE List

Lucene search

Layton TechnologyHelpbox4.4.0

5 matches found

CVE•added 2012/12/12 11:38 a.m.•43 views

CVE-2012-4971

Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) ...

7.5CVSS8.6AI score0.00319EPSS

CVE•added 2012/12/12 11:38 a.m.•42 views

CVE-2012-4972

Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalat...

4.3CVSS5.8AI score0.00326EPSS

CVE•added 2012/12/12 11:38 a.m.•42 views

CVE-2012-4976

selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.

5CVSS6.8AI score0.0025EPSS

CVE•added 2012/12/12 11:38 a.m.•40 views

CVE-2012-4977

Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.

5CVSS6.9AI score0.0025EPSS

CVE•added 2012/12/12 11:38 a.m.•35 views

CVE-2012-4975

editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.

4CVSS6.4AI score0.00171EPSS