CVE-2005-4427 – Cerberus Helpdesk 2.649 - 'addresses_export.php?queues' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4427
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, or (8) ticket parameter to display_ticket_thread.php. • https://www.exploit-db.com/exploits/26974 https://www.exploit-db.com/exploits/26973 https://www.exploit-db.com/exploits/26975 http://forum.cerberusweb.com/showthread.php?s=&postid=30315 http://marc.info/?l=full-disclosure&m=113500878630130&w=2 http://secunia.com/advisories/18112 http://www.osvdb.org/21988 http://www.osvdb.org/21990 http://www.osvdb.org/21991 http://www.osvdb.org/21992 http://www.osvdb.org/21993 http://www.osvdb.org/21994 http:/ •
CVE-2005-3502
https://notcve.org/view.php?id=CVE-2005-3502
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. • http://marc.info/?l=full-disclosure&m=113109433413298&w=2 http://secunia.com/advisories/17431 http://securitytracker.com/id?1015153 http://www.osvdb.org/20461 http://www.securityfocus.com/bid/15315 •
CVE-2005-1962
https://notcve.org/view.php?id=CVE-2005-1962
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. • http://echo.or.id/adv/adv15-theday-2005.txt http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost http://secunia.com/advisories/15641 http://securitytracker.com/id?1014128 •
CVE-2005-1963
https://notcve.org/view.php?id=CVE-2005-1963
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. • http://echo.or.id/adv/adv15-theday-2005.txt http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost http://secunia.com/advisories/15641 http://securitytracker.com/id?1014128 http://www.wgmdev.com/jira/browse/CERB-170 •