12 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-16664
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent...
CVE-2020-16664
CVE-2020-16664 entry is rejected/not used; it does not represent an active vulnerability entry.
CVE-2020-16664
...
CVE-2019-16664
ThinkSAAS 2.91 is affected by CVE-2019-16664: an XSS via the parameter groupname in index.php?app=group&ac=create&ts=do. Root cause described across sources is insufficient sanitization of the groupname input, enabling cross-site scripting. Affected product/version: ThinkSAAS 2.91. The Red Hat ad...
CVE-2018-16664
Contiki-NG up to version 4.1 is affected by a buffer overflow in os/storage/antelope/lvm.c: lvm_set_type while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). CNVD-2019-09778 notes that this can be exploited to execute code, indicating a code execution risk, with CVSS potential impac...
openSUSE Security Update : otrs (openSUSE-2017-1291)
This update for otrs fixes the following security issues : - CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials boo1068677, OSA-2017-06 - CVE-2017-16664: Remote authenticated attackers could have caused the...
[SECURITY] [DSA 4047-1] otrs2 security update
Debian Security Advisory DSA-4047-1 https://www.debian.org/security/ Moritz Muehlenhoff November 23, 2017 https://www.debian.org/security/faq -...
Security update for otrs (important)
This update for otrs fixes the following security issues: - CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials boo1068677, OSA-2017-06 - CVE-2017-16664: Remote authenticated attackers could have caused the...
CVE-2017-16664
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...
CVE-2017-16664
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...
CVE-2017-16664
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...
CVE-2017-16664
CVE-2017-16664 affects the Open Ticket Request System (OTRS). The flaw is a code injection in Kernel/System/Spelling.pm that allows an authenticated remote attacker to execute shell commands as the webserver user via URL manipulation. Affected versions are OTRS 5 before 5.0.24, 4 before 4.0.26, a...