Layton Technology Helpbox — known CVE vulnerabilities
Every CVE whose affected-product data names Layton Technology Helpbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2004-2551 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the…
CVE-2012-4971 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2007-5402 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the…
CVE-2007-5401 — CVSS 6.5 (medium): Unrestricted file upload vulnerability in uploadrequest.asp in Layton HelpBox 3.7.1 allows remote authenticated users to upload and execute…
CVE-2007-5404 — CVSS 5.0 (medium): Layton HelpBox 3.7.1 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows…
CVE-2012-4977 — CVSS 5.0 (medium): Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.
CVE-2012-4976 — CVSS 5.0 (medium): selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id…
CVE-2012-4972 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML…
CVE-2012-4975 — CVSS 4.0 (medium): editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified…
CVE-2007-5403 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script…