Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hesk hesk vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-13994
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticate...
Mods-for-hesk Mods For Hesk
7.5
CVSSv3
CVE-2020-13993
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated malicious users to retrieve information from the database via a ticket.
Mods-for-hesk Mods For Hesk
6.1
CVSSv3
CVE-2020-13992
An issue exists in Mods for HESK 3.1.0 up to and including 2019.1.0. A Stored XSS issue allows remote unauthenticated malicious users to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket.
Mods-for-hesk Mods For Hesk
6.1
CVSSv3
CVE-2020-13897
HESK prior to 3.1.10 allows reflected XSS.
Hesk Hesk
NA
CVE-2011-5287
Multiple cross-site scripting (XSS) vulnerabilities in HESK prior to 2.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) in...
Hesk Hesk
NA
CVE-2011-3743
Hesk 2.2 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/footer.inc.php and certain other files.
Hesk Hesk 2.2
NA
CVE-2005-3005
Helpdesk Software Hesk allows remote malicious users to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.
Helpdesk Software Hesk 0.92
Helpdesk Software Hesk 0.93
1 EDB exploit
NA
CVE-2005-2843
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote malicious users to bypass authentication via a direct request to admin_main.php.
Helpdesk Software Hesk 0.92
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started