Lucene search
K
OneorzeroOneorzero Helpdesk

5 matches found

CVE
CVE
added 2003/05/17 4:0 a.m.56 views

CVE-2003-0303

CVE-2003-0303 corresponds to a SQL injection in OneOrZero Helpdesk 1.4 RC4. The vulnerability allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter (tupdate.php), affecting the integrity of the helpdesk data without affecting confidentiality. Connected source...

5CVSS7.7AI score0.02531EPSS
CVE
CVE
added 2006/10/24 8:0 p.m.55 views

CVE-2006-5474

The CVE-2006-5474 entry concerns OneOrZero Helpdesk versions before 1.6.5.4. Root cause: the forgot-password function generates passwords by concatenating the current timestamp with the username, enabling remote attackers to gain access to an arbitrary user via a password reset request. Impact: u...

7.5CVSS7.5AI score0.01839EPSS
CVE
CVE
added 2009/03/12 3:0 p.m.54 views

CVE-2009-0886

The CVE corresponds to a local file inclusion (LFI) vulnerability in OneOrZero Helpdesk

5CVSS6.8AI score0.06539EPSS
CVE
CVE
added 2003/05/17 4:0 a.m.42 views

CVE-2003-0304

The CVE-2003-0304 entry concerns One||Zero Helpdesk 1.4 rc4, where remote attackers can create administrator accounts by directly invoking the Helpdesk Installation script (install.php). The vulnerability arises from improper handling of installation script execution, enabling privilege escalatio...

10CVSS7.1AI score0.08062EPSS
CVE
CVE
added 2007/10/30 9:0 p.m.42 views

CVE-2007-5727

CVE-2007-5727 describes an incomplete blacklist vulnerability in OneOrZero Helpdesk (common.php, stripScripts) that allows remote XSS via the description parameter to tcreate.php or tupdate.php (e.g., using an onmouseover event in a tag). Affected versions include 1.6.5.4 and 1.6.4.2, with poten...

4.3CVSS5.4AI score0.0192EPSS