CVE-2022-45449

Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 Windows, Linux before build 30984...

JetBrains TeamCity Permission Issues Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a privilege issue...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a privilege issue...

CVE-2022-3405

Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 Windows, Linux before build 29486, Acronis Cyber Backup 12.5 Windows, Linux before build 16545...

Acronis Cyber Backup和Acronis Cyber Protect 安全漏洞

Acronis Cyber Backup and Acronis Cyber Protect are both products of Singapore Acronis Acronis.Acronis Cyber Backup is a data backup product. You can backup virtual machines and hosts, support for windows, linux backup, using AcronisInstantRestore to provide extremely fast recovery performance, an...

PT-2022-7422 · Acronis · Acronis Cyber Protect 15 +1

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 versions prior to build 30984 Description: The issue is related to excessive privileges assigned to Acronis Agent, leading to sensitive information disclosure. This could allow a remote attacker to gain unauthorized...

Agent can get inbox credentials through api

Description user with agent privileges can get access to sensitive inbox details through api Proof of Concept 1. Create normal user with agent privileges 2. get api key for this user 3. use endpoint https://www.chatwoot.com/developers/api/tag/Inboxes/operation/listAllInboxes 4. if inbox is...

OTRS 信息泄露漏洞

OTRS is an application from the German company OTRS. A service management software. An information disclosure vulnerability exists in OTRS AG OTRS Community Edition, which stems from an agent being able to list customer user emails in a bulk action screen without requiring privileges...

Zammad Access Control Bypass Vulnerability

Zammad is a Web-based open source helpdesk/customer support system. An access control bypass vulnerability exists in Zammad versions prior to 3.5.1. An Agent with Customer privileges in a group can exploit this vulnerability to bypass access control to internal Articles via the Ticket detail view...

UBUNTU-CVE-2019-18179

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...

PT-2020-9940 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.12 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.38 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.23 Description: An issu...

PT-2019-19923 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 5.x through 5.0.34 Open Ticket Request System OTRS versions 6.x through 6.0.17 Open Ticket Request System OTRS versions 7.x through 7.0.6 Description: An issue was discovered in Open Ticket Request...