|
|
Cerberus : Security Vulnerabilities
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-6440 |
287 |
|
+Info |
2009-03-06 |
2009-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to obtain sensitive information via direct requests for "controllers ... that aren't standard helpdesk pages," possibly involving the (1) /display and (2) /kb URIs. |
|
2 |
CVE-2007-5930 |
79 |
|
XSS |
2007-11-10 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3 |
CVE-2006-6366 |
|
|
XSS |
2006-12-07 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
4 |
CVE-2006-5428 |
|
|
Bypass +Info |
2006-10-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. |
|
5 |
CVE-2006-4539 |
|
|
Bypass +Info |
2006-09-05 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
|
6 |
CVE-2006-0509 |
|
|
XSS |
2006-02-01 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields. |
|
7 |
CVE-2005-4428 |
|
|
XSS |
2005-12-20 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. |
|
8 |
CVE-2005-4427 |
|
|
Exec Code Sql |
2005-12-20 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. |
|
9 |
CVE-2005-3502 |
|
|
|
2005-11-05 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. |
|
10 |
CVE-2005-1963 |
|
|
+Info |
2005-06-16 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message. |
|
11 |
CVE-2005-1962 |
|
|
XSS |
2005-06-16 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. |
|
12 |
CVE-2003-1476 |
|
|
|
2003-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. |
Total number of vulnerabilities : 12
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.
