Help Desk

CVEs (5)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2008-6057	Doug Luxem Help Desk	0.03	—	0.02	Feb 4, 2009	Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2006-6160	Doug Luxem Help Desk	0.03	—	0.01	Nov 28, 2006	SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6161	Doug Luxem Help Desk	0.00	—	0.01	Nov 28, 2006	Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of…
CVE-2005-1839	Doug Luxem Help Desk	0.00	—	0.01	Jun 2, 2005	Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp.
CVE-2005-1838	Doug Luxem Help Desk	0.00	—	0.01	Jun 2, 2005	Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields.

CVE-2008-6057Feb 4, 2009
Doug Luxem
Help Desk
risk 0.03cvss —epss 0.02
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request.
CVE-2006-6160Nov 28, 2006
Doug Luxem
Help Desk
risk 0.03cvss —epss 0.01
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6161Nov 28, 2006
Doug Luxem
Help Desk
risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of…
CVE-2005-1839Jun 2, 2005
Doug Luxem
Help Desk
risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp.
CVE-2005-1838Jun 2, 2005
Doug Luxem
Help Desk
risk 0.00cvss —epss 0.01
Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields.