Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hesk vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-5287
Multiple cross-site scripting (XSS) vulnerabilities in HESK prior to 2.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) in...
Hesk Hesk
4.3
CVSSv2
CVE-2020-13897
HESK prior to 3.1.10 allows reflected XSS.
Hesk Hesk
5
CVSSv2
CVE-2011-3743
Hesk 2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
Hesk Hesk 2.2
4.3
CVSSv2
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
6.5
CVSSv2
CVE-2020-13994
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticate...
Mods-for-hesk Mods For Hesk
5
CVSSv2
CVE-2020-13993
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated malicious users to retrieve information from the database via a ticket.
Mods-for-hesk Mods For Hesk
7.5
CVSSv2
CVE-2005-3005
Helpdesk Software Hesk allows remote malicious users to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
Helpdesk Software Hesk 0.92
Helpdesk Software Hesk 0.93
1 EDB exploit
7.5
CVSSv2
CVE-2005-2843
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote malicious users to bypass authentication via a direct request to admin_main.php.
Helpdesk Software Hesk 0.92
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started