Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/22054
http://www.securityfocus.com/bid/14692
http://secunia.com/advisories/16623/