
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The vulnerability has been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintended actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.
• https://www.qnap.com/zh-tw/security-advisory/qsa-20-05
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This improper access control vulnerability in Helpdesk allows attackers to gain control of the QNAP Kayako service. Attackers can access sensitive data on the QNAP Kayako server using the API keys. QNAP has replaced the API key to mitigate the vulnerability and has fixed the issue in Helpdesk 3.0.1 and later versions.
• https://www.qnap.com/zh-tw/security-advisory/qsa-20-03
• CWE-284: Improper Access Control
• CWE-321: Use of Hard-coded Cryptographic Key
• CWE-798: Use of Hard-coded Credentials

CVSS: 9.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and directories on the target server via directory traversal.
• https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_19.2
• https://www.inetsoftware.de/support/news/i-net-clear-reports-security-advisory-2020-apr-06
• https://www.inetsoftware.de/support/news/i-net-helpdesk-sicherheitsankuendigung-2020-apr-06
• https://www.inetsoftware.de/support/news/i-net-pdfc-security-advisory-2020-apr-06
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

This improper access control vulnerability in Helpdesk allows attackers to access the system logs. To fix the vulnerability, QNAP recommends updating QTS and Helpdesk to their latest versions.
• https://www.qnap.com/zh-tw/security-advisory/nas-201911-20
• CWE-269: Improper Privilege Management

CVSS: 7.2 | EPSS: 4% | CPEs: 1 | EXPL: 2

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.
• https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass
• https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html
• https://www.exploit-db.com/exploits/42776
• https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day
• CWE-332: Insufficient Entropy in PRNG