Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hesk hesk vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2011-5287
Multiple cross-site scripting (XSS) vulnerabilities in HESK prior to 2.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) in...
Hesk Hesk
383
VMScore
CVE-2020-13897
HESK prior to 3.1.10 allows reflected XSS.
Hesk Hesk
445
VMScore
CVE-2011-3743
Hesk 2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
Hesk Hesk 2.2
445
VMScore
CVE-2020-13993
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated malicious users to retrieve information from the database via a ticket.
Mods-for-hesk Mods For Hesk
383
VMScore
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
578
VMScore
CVE-2020-13994
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticate...
Mods-for-hesk Mods For Hesk
755
VMScore
CVE-2005-3005
Helpdesk Software Hesk allows remote malicious users to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
Helpdesk Software Hesk 0.92
Helpdesk Software Hesk 0.93
1 EDB exploit
668
VMScore
CVE-2005-2843
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote malicious users to bypass authentication via a direct request to admin_main.php.
Helpdesk Software Hesk 0.92
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started