CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 2CVE-2006-4011 – Kayako eSupport 2.3.1 - 'subd' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4011
PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter. Vulnerabilidad de inclusión remota de archivo en PHP en esupport/admin/autoclose.php de Kayako eSupport 2.3.1 y anteriores, cuando register_globals está habilitado, permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro subd. • https://www.exploit-db.com/exploits/2115 http://secunia.com/advisories/21330 http://www.securityfocus.com/bid/19315 https://exchange.xforce.ibmcloud.com/vulnerabilities/28199 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0842 – Kayako ESupport 2.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0842
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter. • https://www.exploit-db.com/exploits/25257 http://marc.info/?l=bugtraq&m=111151292704335&w=2 http://secunia.com/advisories/13563 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0487
https://notcve.org/view.php?id=CVE-2005-0487
Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en index.php para Kayako ESupport 2.3.1 y posiblemete otras versiones, permite a atacantes remotos la inyección de HTML arbitrario y scripts web, mediante el parámetro nav. • http://marc.info/?l=full-disclosure&m=110845724029888&w=2 http://www.securityfocus.com/bid/12563 https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1413 – Kayako eSupport 2.x - Ticket System Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2004-1413
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature. • https://www.exploit-db.com/exploits/25038 http://marc.info/?l=bugtraq&m=110352428607171&w=2 http://www.gulftech.org/?node=research&article_id=00056-12182004 http://www.securityfocus.com/bid/12037 https://exchange.xforce.ibmcloud.com/vulnerabilities/18572 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1412 – Kayako eSupport 2.x - 'index.php' Knowledgebase Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1412
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter. • https://www.exploit-db.com/exploits/25037 http://marc.info/?l=bugtraq&m=110352428607171&w=2 http://www.gulftech.org/?node=research&article_id=00056-12182004 http://www.securityfocus.com/bid/12037 https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 •