CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6440
https://notcve.org/view.php?id=CVE-2008-6440
06 Mar 2009 — Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. Cerberus Helpdesk versiones anteriores a v4.0 (Build 600) permite a atacantes remotos obtener información sensible a través de peticiones directas para "controladores ... que no están en páginas estándar de ayuda," posiblemente envolviendo las URIs (1) /display y (2) /kb. • http://secunia.com/advisories/30344 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1CVE-2006-6366 – Cerberus Helpdesk 2.x - 'Spellwin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6366
07 Dec 2006 — Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/elements/spellcheck/spellwin.php de Cerberus Helpdesk 0.97.3, 2.0 hasta 2.7, 3.2.1, y 3... • https://www.exploit-db.com/exploits/29222 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2005-1962
https://notcve.org/view.php?id=CVE-2005-1962
14 Jun 2005 — Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. • http://echo.or.id/adv/adv15-theday-2005.txt •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2005-1963
https://notcve.org/view.php?id=CVE-2005-1963
14 Jun 2005 — Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. • http://echo.or.id/adv/adv15-theday-2005.txt •