CVE-2008-0395
https://notcve.org/view.php?id=CVE-2008-0395
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. • http://secunia.com/advisories/28613 http://securityreason.com/securityalert/3573 http://www.securityfocus.com/archive/1/486762/100/0/threaded http://www.waraxe.us/advisory-63.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2006-5825 – Kayako SupportSuite 3.0.32 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5825
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string. • https://www.exploit-db.com/exploits/28939 http://builds.kayako.net http://securityreason.com/securityalert/1838 http://www.securityfocus.com/archive/1/450829/100/0/threaded http://www.securityfocus.com/bid/20954 https://exchange.xforce.ibmcloud.com/vulnerabilities/30095
CVE-2005-4637 – Kayako SupportSuite 3.0 0.26 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-4637
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. • https://www.exploit-db.com/exploits/26994 http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html http://www.osvdb.org/22224 http://www.osvdb.org/22225 http://www.securityfocus.com/bid/16094 https://exchange.xforce.ibmcloud.com/vulnerabilities/23916
CVE-2005-4638
https://notcve.org/view.php?id=CVE-2005-4638
index.php in Kayako SupportSuite 3.00.26 and earlier allows remote attackers to obtain the full path via the (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. • http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html http://www.osvdb.org/22226 https://exchange.xforce.ibmcloud.com/vulnerabilities/23917