Oneorzero Oneorzero Helpdesk — known CVE vulnerabilities
Every CVE whose affected-product data names Oneorzero Oneorzero Helpdesk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2003-0304 — CVSS 10.0 (critical): one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php…
CVE-2006-5474 — CVSS 7.5 (high): The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp…
CVE-2003-0303 — CVSS 5.0 (medium): SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number…
CVE-2009-0886 — CVSS 5.0 (medium): Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary files…
CVE-2007-5727 — CVSS 4.3 (medium): Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other…