Gregor Mynarsky

5 exploits, active since Aug 2017
CVE-2015-4074 EXPLOITDB HIGH text WORKING POC
Helpdesk Pro < 1.3.0 - Path Traversal via Ticket Download Attachment Filename Parameter
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
CVSS 7.5
CVE-2015-4073 EXPLOITDB CRITICAL text WORKING POC
Helpdesk Pro < 1.3.0 - SQL Injection via Ticket Code or Email Parameter
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter, or allow remote authenticated users to execute arbitrary SQL commands via the (3) filter_order parameter.
CVSS 9.8
CVE-2015-4072 EXPLOITDB MEDIUM text WORKING POC
Helpdesk Pro < 1.3.0 - Cross-Site Scripting via Name and Message Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
CVSS 5.4
CVE-2015-4071 EXPLOITDB MEDIUM text WORKING POC
Helpdesk Pro Plugin < 1.3.0 - Unauthorized Support Ticket Information Disclosure via Ticket ID
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users by obtaining the target ticketId and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVSS 5.3
CVE-2015-4075 EXPLOITDB HIGH text WORKING POC
Helpdesk Pro < 1.3.0 - Arbitrary File Write via Language Save Task
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
CVSS 8.1