hesk hesk vulnerabilities and exploits
4.3
CVSSv2
CVE-2011-5287
Multiple cross-site scripting (XSS) vulnerabilities in HESK prior to 2.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) in...
Hesk Hesk
4.3
CVSSv2
CVE-2020-13897
HESK prior to 3.1.10 allows reflected XSS.
Hesk Hesk
5
CVSSv2
CVE-2011-3743
Hesk 2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
Hesk Hesk 2.2
4.3
CVSSv2
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
5
CVSSv2
CVE-2020-13993
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated malicious users to retrieve information from the database via a ticket.
Mods-for-hesk Mods For Hesk
6.5
CVSSv2
CVE-2020-13994
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticate...
Mods-for-hesk Mods For Hesk
7.5
CVSSv2
CVE-2005-3005
Helpdesk Software Hesk allows remote malicious users to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
Helpdesk Software Hesk 0.92
Helpdesk Software Hesk 0.93
1 EDB exploit
7.5
CVSSv2
CVE-2005-2843
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote malicious users to bypass authentication via a direct request to admin_main.php.
Helpdesk Software Hesk 0.92