12 matches found
EUVD-2018-2274
Malware in sbrugna...
CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
CVE-2025-10692 OpenSupports 4.11.0 — SQL Injection
The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user level ≥ 1 can inject SQL to alter the filter logic, effectively bypassing department scoping...
PT-2025-40597
Name of the Vulnerable Software and Affected Versions: OpenSupports versions 4.11.0. Description: The application’s API endpoint, /api/staff/get-new-tickets, directly incorporates the user-supplied parameter departmentId into a SQL query without proper sanitization. This allows an authenticated staf...
Linux Distros Unpatched Vulnerability : CVE-2018-10198
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal...
Linux Distros Unpatched Vulnerability : CVE-2019-13457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their...
in chatwoot/chatwoot
💥 BUG unprivileged user can see ticket content 💥 IMPACT User does not have any inboxes but still can see ticket details in inbox. 💥 STEP TO REPRODUCE 1. First from admin account go to https://app.chatwoot.com/app/accounts/4534/settings/agents/list and add new agent user-B. Now don't add this...
UBUNTU-CVE-2018-10198
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...
CVE-2018-10198
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...
CVE-2017-16854
The CVE-2017-16854 issue affects Open Ticket Request System (OTRS) up to versions 3.3.20, 4.x up to 4.0.26, 5.x up to 5.0.24, and 6.x up to 6.0.1, where an authenticated customer can use the ticket search form to disclose internal article information in customer tickets. Connected advisories conf...
SSH < 1.2.28 Kerberos NFS Share Ticket Disclosure
Binary data 1977.prm...
Kerberos security vulnerability in SSH-1.2.27
I am writing to report a security bug in SSH 1.2.27. SOFTWARE AFFECTED: SSH 1.2.27 with Kerberos authentication support compiled in i.e. "configure --with-kerberos5". I have contacted SSH Communicators Security http://www.ssh.com about this, and they have just released ssh-1.2.28, which fixes thi...