Mastodawn

I'm looking for a good #helpdesk software for #Grannus, my little SaaS project. It must be open source, self-hostable and modern. Discovered so far #Zammad, #FreeScout and #osTicket. Zammad looks best so far, but it's a huge system with many components. What do you recommend?

CyberVeille.ch Mar 8

📢 FreeScout: Zero‑click RCE non authentifié (CVE‑2026‑28289) corrigé en v1.8.207
📝 Source: OX Security (OX Research).
📖 cyberveille : https://cyberveille.ch/posts/2026-03-08-freescout-zero-click-rce-non-authentifie-cve-2026-28289-corrige-en-v1-8-207/
🌐 source : https://www.ox.security/blog/freescout-rce-cve-2026-28289/
#CVE_2026_28289 #FreeScout #Cyberveille

FreeScout: Zero‑click RCE non authentifié (CVE‑2026‑28289) corrigé en v1.8.207

Source: OX Security (OX Research). Contexte: les chercheurs dévoilent une vulnérabilité critique dans FreeScout convertissant une RCE authentifiée récemment corrigée en RCE non authentifiée et zero‑click, affectant toutes les versions jusqu’à 1.8.206 et corrigée en v1.8.207. 🚨 Vulnérabilité: CVE‑2026‑28289 (Remote Code Execution, non authentifiée, zero‑click, sévérité critique). Un simple email spécialement conçu, envoyé à une adresse gérée par FreeScout, permet l’exécution de code sur le serveur sans authentification ni interaction utilisateur. La faille résulte d’un contournement du correctif précédent (lié à CVE‑2026‑27636) via une faille de validation de nom de fichier.

CyberVeille

CyberVeille.ch Mar 5

📢 Vulnérabilité critique dans FreeScout : exécution de code à distance sans authentification
📝 Selon la source citée, une vulnérabilité de **sévérité maximale** affecte la...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-05-vulnerabilite-critique-dans-freescout-execution-de-code-a-distance-sans-authentification/
🌐 source : https://www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/
#FreeScout #RCE #Cyberveille

Vulnérabilité critique dans FreeScout : exécution de code à distance sans authentification

Selon la source citée, une vulnérabilité de sévérité maximale affecte la plateforme d’assistance FreeScout, permettant une exécution de code à distance (RCE) sans aucune interaction utilisateur ni authentification. ⚠️ Points clés résumés : Produit concerné : FreeScout (plateforme helpdesk) Type de vulnérabilité : RCE de sévérité maximale Impact : prise de contrôle à distance potentielle Conditions d’exploitation : aucune interaction, aucune authentification requise IOCs et TTPs : IOCs : non fournis dans l’extrait TTPs : exploitation d’une RCE sans interaction et sans authentification Il s’agit d’un article d’information sur une vulnérabilité, visant à signaler l’existence et la gravité du problème.

CyberVeille

The New Oil Mar 5

#Mail2Shell zero-click attack lets hackers hijack #FreeScout mail servers

https://www.bleepingcomputer.com/news/security/mail2shell-zero-click-attack-lets-hackers-hijack-freescout-mail-servers/

#email #cybersecurity

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

BleepingComputer

Offensive Sequence Mar 4

🔴 CRITICAL FreeScout vuln: zero-click RCE enables full server compromise, even bypassing previous patches. No CVE yet. Urgent: audit exposure, restrict access, monitor for updates. https://radar.offseq.com/threat/critical-freescout-vulnerability-leads-to-full-ser-b01b887c #OffSeq #FreeScout #Vuln #RCE #BlueTeam

Offensive Sequence Mar 4

⚠️ CRITICAL: CVE-2026-28289 in FreeScout <1.8.207 allows RCE via file upload bypass (zero-width space in .htaccess). Authenticated users can compromise servers. Patch to 1.8.207+ ASAP! https://radar.offseq.com/threat/cve-2026-28289-cwe-434-unrestricted-upload-of-file-e2a6fd58 #OffSeq #FreeScout #Vuln #RCE

Offensive Sequence Feb 25

🚨 CVE-2026-27637 (CRITICAL, 9.8): FreeScout <1.8.206 uses predictable tokens if APP_KEY is leaked, enabling total account takeover. Upgrade to 1.8.206+, rotate APP_KEY, and audit access controls now! https://radar.offseq.com/threat/cve-2026-27637-cwe-330-use-of-insufficiently-rando-8f97b2e6 #OffSeq #FreeScout #Vuln #AppSec

Kristin Hanke Dec 23

Based on my experience, FreeScout is good, free and open source solution for implementing help desk. I worked with many companies that moved to it and are satisfied with FreeScout. In general, there is no need to add additional subscription cost to your budget, if you can have open source solution that works good and is customizable.

And if you are not techie and don't know how to implement FreeScout, you can always ask someone or some agency to implement it for you. https://itsfoss.com/freescout-open-source-help-desk/

#FreeScout #helpdesk #software #opensource #freesoftware #business #tech #technology

Tired of Help Scout Pulling the Rug from Under You? Try This Free, Open Source Alternative

Discover how FreeScout lets you run your own help desk without vendor lock-in or surprise price hikes.

It's FOSS

Reddit Tech VN Bot Nov 29

Cổng hỗ trợ cho FreeScout Help Desk! Ứng dụng này cung cấp giao diện hiện đại, giúp người dùng quản lý và gửi ticket dễ dàng hơn. Hỗ trợ xác thực LDAP/AD, biểu mẫu động, tải file, cập nhật trạng thái ticket. FreeScout API cần thiết để hoạt động.
#FreeScout #HelpDesk #opensource #hotrotructuyen #phanmem

https://www.reddit.com/r/selfhosted/comments/1p9iaz0/support_portal_for_freescout_help_desk/

Carlo Zottmann Nov 6

Maybe I should figure out a way to connect a Mastodon account with my help desk system, #FreeScout. Hmm.

It's not like you have too many projects already, Carlo