Gregor Mynarsky

5 exploits, active since Aug 2017
CVE-2015-4074 EXPLOITDB HIGH text WORKING POC
Helpdesk Pro < 1.3.0 - Path Traversal
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
CVSS 7.5
CVE-2015-4073 EXPLOITDB CRITICAL text WORKING POC
Helpdesk Pro < 1.3.0 - SQL Injection
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter, or allow remote authenticated users to execute arbitrary SQL commands via the (3) filter_order parameter.
CVSS 9.8
CVE-2015-4072 EXPLOITDB MEDIUM text WORKING POC
Helpdesk Pro < 1.3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
CVSS 5.4
CVE-2015-4071 EXPLOITDB MEDIUM text WORKING POC
Helpdesk Pro < 1.3.0 - Information Disclosure
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users by obtaining the target ticketId and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVSS 5.3
CVE-2015-4075 EXPLOITDB HIGH text WORKING POC
Helpdeskpro Helpdesk Pro < 1.3.0 - Injection
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
CVSS 8.1