U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): helm
  • Search Type: Search All
  • CPE Name Search: false
There are 86 matching records.
Displaying matches 81 through 86.
Vuln ID Summary CVSS Severity
CVE-2006-1407

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

Published: March 28, 2006; 6:06:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2006-0355

Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.

Published: January 22, 2006; 3:03:00 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2006-0211

Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.

Published: January 13, 2006; 8:03:00 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2005-4747

Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page.

Published: December 31, 2005; 12:00:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2004-1498

SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.

Published: December 31, 2004; 12:00:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2004-1499

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.

Published: December 31, 2004; 12:00:00 AM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM