Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
help desk vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-3001
SysAid Help Desk prior to 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Sysaid Sysaid
1 EDB exploit
7.5
CVSSv2
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
Pmos Helpdesk Pmos Helpdesk
1 EDB exploit
NA
CVE-2022-47151
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a up to and in...
4
CVSSv2
CVE-2011-4817
The About option on the Help menu in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configu...
Ibm Maximo Asset Management 6.2
Ibm Maximo Asset Management 7.5
Ibm Maximo Asset Management 7.1
Ibm Maximo Asset Management Essentials 7.5
Ibm Maximo Asset Management Essentials 6.2
Ibm Maximo Asset Management Essentials 7.1
Ibm Tivoli Asset Management For It 6.2
Ibm Tivoli Asset Management For It 7.1
Ibm Tivoli Asset Management For It 7.2
Ibm Trivoli Service Request Manager 7.1
Ibm Trivoli Service Request Manager 7.2
Ibm Maximo Service Desk 6.2
Ibm Tivoli Change And Configuration Management Database 6.2
Ibm Tivoli Change And Configuration Management Database 7.1
Ibm Tivoli Change And Configuration Management Database 7.2
NA
CVE-2023-23679
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a up to and including 2.7.7.
Jshelpdesk Jshelpdesk
7.5
CVSSv2
CVE-2005-4025
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote malicious users to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user.
NA
CVE-2023-37890
Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPr...
Liquidweb Kb Support
3.6
CVSSv2
CVE-2021-35232
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password has...
Solarwinds Webhelpdesk
4.3
CVSSv2
CVE-2015-1026
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus prior to 6.2 Build 6270 allow remote malicious users to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText p...
Zohocorp Manageengine Admanager Plus
3.5
CVSSv2
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
Solarwinds Webhelpdesk 12.7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »