Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
help desk vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-1026
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus prior to 6.2 Build 6270 allow remote malicious users to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText p...
Zohocorp Manageengine Admanager Plus
312
VMScore
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
Solarwinds Webhelpdesk 12.7.0
312
VMScore
CVE-2019-16957
SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.
Solarwinds Webhelpdesk 12.7.0
356
VMScore
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.
Solarwinds Webhelpdesk 12.7.0
801
VMScore
CVE-2012-0366
Cisco Unity Connection prior to 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.
Cisco Unity Connection 7.1\\(3a\\)su1
Cisco Unity Connection 7.1\\(3a\\)su1a
Cisco Unity Connection 7.1\\(5\\)
Cisco Unity Connection 7.1\\(5a\\)
Cisco Unity Connection 7.1\\(5b\\)
Cisco Unity Connection 2.1\\(3\\)
Cisco Unity Connection 2.1\\(4\\)
Cisco Unity Connection 2.1\\(5\\)
Cisco Unity Connection 2.1\\(4a\\)
Cisco Unity Connection 1.1\\(1\\)
Cisco Unity Connection 1.1\\(1\\) Es1
Cisco Unity Connection 1.1\\(1\\) Es12
Cisco Unity Connection 1.1\\(1\\) Sr1
Cisco Unity Connection 7.1\\(2\\)
Cisco Unity Connection 7.1\\(2b\\)
Cisco Unity Connection 7.1\\(2b\\)su1
Cisco Unity Connection 7.1\\(2a\\)
Cisco Unity Connection 7.0
Cisco Unity Connection 7.0\\(2\\)
Cisco Unity Connection 7.0\\(2a\\)su2
Cisco Unity Connection 7.0\\(2a\\)su3
Cisco Unity Connection 2.1\\(3b\\)su1
383
VMScore
CVE-2021-29267
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.
Sherlockim Sherlockim
1 Github repository
435
VMScore
CVE-2018-15608
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
Manageengine Admanager Plus 6.5.7
1 EDB exploit
NA
CVE-2023-39912
Zoho ManageEngine ADManager Plus prior to 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed.
Zohocorp Manageengine Admanager Plus
755
VMScore
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote malicious users to execute arbitrary code via vectors involving the upload of help desk videos.
Zohocorp Manageengine Desktop Central
1 EDB exploit
802
VMScore
CVE-2022-22798
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to...
Sysaid Sysaid
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
NEXT »