CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-0714
https://notcve.org/view.php?id=CVE-2018-0714
13 Aug 2018 — Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. Vulnerabilidad de inyección de comandos en Helpdesk en versiones 1.1.21 y anteriores en QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 y sus versiones anteriores podría permitir que los atacantes remotos ej... • https://www.qnap.com/zh-tw/security-advisory/nas-201808-13 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 2CVE-2007-6347 – ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-6347
13 Dec 2007 — PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inclusión remota de archivo en PHP en blocks/block_site_map.php de ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, y (4) Shop Free 3.3.2 per... • https://www.exploit-db.com/exploits/4722 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1CVE-2006-6366 – Cerberus Helpdesk 2.x - 'Spellwin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6366
07 Dec 2006 — Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en includes/elements/spellcheck/spellwin.php de Cerberus Helpdesk 0.97.3, 2.0 hasta 2.7, 3.2.1, y 3... • https://www.exploit-db.com/exploits/29222 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 3CVE-2004-2736 – Polar Helpdesk 3.0 - Cookie Based Authentication Bypass
https://notcve.org/view.php?id=CVE-2004-2736
31 Dec 2004 — Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. • https://www.exploit-db.com/exploits/24302 • CWE-287: Improper Authentication •