CVE-2008-3701 – Kayako SupportSuite 3.x - '/staff/index.php?customfieldlinkid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3701
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
References:
• https://www.exploit-db.com/exploits/32221
• http://forums.kayako.com/f3/3-30-00-stable-released-18304
• http://osvdb.org/47616
• http://secunia.com/advisories/31431
• http://www.gulftech.org/?node=research&article_id=00123-08092008
• http://www.securityfocus.com/bid/30642
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44384
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0395
https://notcve.org/view.php?id=CVE-2008-0395
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
References:
• http://secunia.com/advisories/28613
• http://securityreason.com/securityalert/3573
• http://www.securityfocus.com/archive/1/486762/100/0/threaded
• http://www.waraxe.us/advisory-63.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-2562
https://notcve.org/view.php?id=CVE-2007-2562
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
References:
• http://osvdb.org/36166
• http://securityreason.com/securityalert/2684
• http://www.securityfocus.com/archive/1/467832/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34144
CVE-2007-1145
https://notcve.org/view.php?id=CVE-2007-1145
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this issue might overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
References:
• http://osvdb.org/33535
• http://osvdb.org/33536
• http://secunia.com/advisories/24223
• http://securityreason.com/securityalert/2335
• http://www.securityfocus.com/archive/1/460591/100/0/threaded
• http://www.securityfocus.com/bid/22631
• http://www.vupen.com/english/advisories/2007/0717
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5825 – Kayako SupportSuite 3.0.32 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5825
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
References:
• https://www.exploit-db.com/exploits/28939
• http://builds.kayako.net
• http://securityreason.com/securityalert/1838
• http://www.securityfocus.com/archive/1/450829/100/0/threaded
• http://www.securityfocus.com/bid/20954
• https://exchange.xforce.ibmcloud.com/vulnerabilities/30095