CVEブラウザに戻る

CVE-2006-5474

HIGH

7.5

CVSS Severity Score

EPSS Score0.0780%

EPSS Percentile33.11th

Published2006年10月24日

Last Modified2026年4月23日

Vulnerability Description

The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.

Affected Platforms (CPE)

📦

Oneorzero

Oneorzero Helpdesk

<= 1.6.5.3

📦

Oneorzero

Oneorzero Helpdesk

= 1.6

📦

Oneorzero

Oneorzero Helpdesk

= 1.6.3

📦

Oneorzero

Oneorzero Helpdesk

= 1.6.4

References & Advisories

🔗 http://oneorzero.com/downloads/release_notes/Current_Release_notes.html

🔗 http://secunia.com/advisories/22476

🔗 http://securityreason.com/securityalert/1767

🔗 http://www.securityfocus.com/archive/1/449352/100/0/threaded

🔗 http://www.securityfocus.com/bid/20651

🔗 http://www.whitedust.net/speaks/3043/

🔗 http://oneorzero.com/downloads/release_notes/Current_Release_notes.html

🔗 http://secunia.com/advisories/22476

関連する脆弱性情報

CVE-2009-08865.0

Directory traversal vulnerability in login.php in OneOrZero Helpdesk 1.6.5.7 and earlier allows remote attackers to read arbitrary...

CVE-2007-57274.3

Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...