Vulnerabilities > Cerberus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-06 | CVE-2008-6440 | Improper Authentication vulnerability in multiple products Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... | 5.0 |
2007-11-10 | CVE-2007-5930 | Cross-Site Scripting vulnerability in Cerberus FTP Server Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-12-07 | CVE-2006-6366 | Cross-Site Scripting vulnerability in Cerberus Helpdesk Spellwin.PHP Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. network cerberus | 6.8 |
2006-10-20 | CVE-2006-5428 | Unspecified vulnerability in Cerberus Helpdesk 3.2.1 rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. | 5.0 |
2006-02-01 | CVE-2006-0509 | Cross-Site Scripting vulnerability in Cerberus Helpdesk 2.7/2.7.1Developmentrelease Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. network cerberus | 4.3 |
2005-12-20 | CVE-2005-4428 | Input Validation vulnerability in Cerberus Helpdesk 2.649 Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. network cerberus | 4.3 |
2005-11-05 | CVE-2005-3502 | Information Disclosure vulnerability in Cerberus Helpdesk attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. | 5.0 |
2005-06-16 | CVE-2005-1963 | Information Disclosure vulnerability in Cerberus Helpdesk 0.97.3 Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. | 5.0 |
2005-06-16 | CVE-2005-1962 | Cross-Site Scripting vulnerability in Cerberus Helpdesk 0.97.3 Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. network cerberus | 4.3 |