3 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. Cerberus Helpdesk versiones anteriores a v4.0 (Build 600) permite a atacantes remotos obtener información sensible a través de peticiones directas para "controladores ... que no están en páginas estándar de ayuda," posiblemente envolviendo las URIs (1) /display y (2) /kb. • http://secunia.com/advisories/30344 http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599 http://www.securityfocus.com/bid/29335 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. • http://echo.or.id/adv/adv15-theday-2005.txt http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost http://secunia.com/advisories/15641 http://securitytracker.com/id?1014128 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. • http://echo.or.id/adv/adv15-theday-2005.txt http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost http://secunia.com/advisories/15641 http://securitytracker.com/id?1014128 http://www.wgmdev.com/jira/browse/CERB-170 •