CVE-2007-6550 – PMOS Help Desk 2.4 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
• https://www.exploit-db.com/exploits/4789
• http://osvdb.org/42662
• http://secunia.com/advisories/28201
• http://www.securityfocus.com/bid/27032
• http://www.vupen.com/english/advisories/2007/4321
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39274
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2006-6158 – PMOS Help Desk 2.3 - 'ticket.php?email' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6158
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
• https://www.exploit-db.com/exploits/29166
• https://www.exploit-db.com/exploits/29165
• http://secunia.com/advisories/23052
• http://secunia.com/advisories/23070
• http://secunia.com/advisories/23071
• http://securityreason.com/securityalert/1928
• http://www.attrition.org/pipermail/vim/2006-November/001148.html
• http://www.osvdb.org/30667
• http://www.osvdb.org/34034
• http://www.securityfocus.com/archive/1/452397/100/0/threaded
• http://www.securityfocus.com/bid/21250
• http://www.