5 matches found
CVE-2003-0303
CVE-2003-0303 corresponds to a SQL injection in OneOrZero Helpdesk 1.4 RC4. The vulnerability allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter (tupdate.php), affecting the integrity of the helpdesk data without affecting confidentiality. Connected source...
CVE-2006-5474
The CVE-2006-5474 entry concerns OneOrZero Helpdesk versions before 1.6.5.4. Root cause: the forgot-password function generates passwords by concatenating the current timestamp with the username, enabling remote attackers to gain access to an arbitrary user via a password reset request. Impact: u...
CVE-2009-0886
The CVE corresponds to a local file inclusion (LFI) vulnerability in OneOrZero Helpdesk
CVE-2003-0304
The CVE-2003-0304 entry concerns One||Zero Helpdesk 1.4 rc4, where remote attackers can create administrator accounts by directly invoking the Helpdesk Installation script (install.php). The vulnerability arises from improper handling of installation script execution, enabling privilege escalatio...
CVE-2007-5727
CVE-2007-5727 describes an incomplete blacklist vulnerability in OneOrZero Helpdesk (common.php, stripScripts) that allows remote XSS via the description parameter to tcreate.php or tupdate.php (e.g., using an onmouseover event in a tag). Affected versions include 1.6.5.4 and 1.6.4.2, with poten...