SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the Visible name field during the autoremoval process. An attacker can execute arbitrary SQL commands by injecting malicious input into this field. Remediation Upgrade zabbix/zabbix to version 6.0.34, 6.4.19, 7.0.4 or...

Advisory ROSA-SA-2025-2773

Software: zabbix 6.0.34 OS: ROSA Virtualization 3.0 packageevrstring: zabbix-6.0.34-2.rv30 CVE-ID: CVE-2024-22114 BDU-ID: 2025-00959 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper saving of permissions. Exploitation of the vulnerabilit...

CVE-2024-23793

The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...

OTRS Cross-Site Scripting Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions prior to 7.0.47, 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which originates from the fact that an attacker with the privilege to create and change...

Security update for trytond (moderate)

openSUSE Security Update: Security update for trytond Announcement ID: openSUSE-SU-2023:0209-1 Rating: moderate References: 1213869 Affected Products: openSUSE Backports SLE-15-SP5 An update that contains security fixes can now be installed. Description: This update for trytond fixes the followin...

PT-2023-26272 · Otrs +2 · Otrs +3

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to an Improper Input Validation vulnerability in the ContentType parameter for...

CVE-2023-1248

Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...

UBUNTU-CVE-2023-1248

Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...

Input validation

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG OTRS Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; OTRS Community Edition: from 6.0.1 through 6.0.34...

tomcat: large number of parameters DoS

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service CPU consumption via a request that contains many parameters and parameter values, a different vulnerability...