Archive

Archive for the ‘Customer Relationship’ Category

Cory Support “q” SQL Injection

March 30th, 2014
Comments Off

Application: Cory Support
Affected Version: version 1.0 and other versions.
Vendor’s URL: Cory Support
Bug Type: SQL Injection
Risk Level: Critical

Solution:
No official solution is currently available.

Customer Relationship, SQL Injection

e-ticketing “user_name” and “password” SQL Injection

April 30th, 2012
Comments Off

Application: e-ticketing
Affected Version: version downloaded on 2012-04-05, other versions are not affected.
Vendor’s URL: e-ticketing
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Customer Relationship, SQL Injection

PHP Live! “deptid” SQLi

September 23rd, 2009
Comments Off

Application: PHP Live!
Affected Version: version 3.3 and other versions.
Vendor’s URL: PHP Live!
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Customer Relationship, SQL Injection

PHP Live Helper Multiple Vulnerabilities

August 25th, 2008
Comments Off

Application: PHP Live Helper
Affected Version: version 2.0.1 and other versions.
Vendor’s URL: PHP Live Helper
Bug Type: SQL Injection
Risk Level: Critcal

Solution:
Update to version 2.1.0.

Customer Relationship, SQL Injection

Kayako SupportSuite Multiple Vulnerabilities

August 25th, 2008
Comments Off

Application: Kayako
Affected Version: version 3.20.02 and prior versions
Vendor’s URL: SupportSuite
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Fixed in version 3.30.00 RC3.

Filter malicious characters and character sequences in a web proxy.

Cross Site Scripting, Customer Relationship, SQL Injection

h2desk Support System Security Bypass

March 20th, 2008
Comments Off

Application: h2desk Support System
Affected Version:
Vendor’s URL: http://www.heathcosoft.com/h2desk/
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Grant trusted users to access

Access Bypass, Customer Relationship

PHP Live! Request.PHP Cross-Site Scripting

June 21st, 2007

Application: PHP Live!
Affected Version: 3.2.2 or other versions may be affected
Vendor’s URL: http://www.phplivesupport.com/
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Waiting for updates or patches from vendor

Cross Site Scripting, Customer Relationship