EUVD-2013-3486

Malware in sbrugna...

DEBIAN-CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

UBUNTU-CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

UBUNTU-CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

MGASA-2013-0247 Updated otrs package fixes security vulnerability

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs CVE-2013-4717...

[ MDVSA-2013:188 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:188 http://www.mandriva.com/en/support/security/ Package : otrs Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: An attacker with a...

Updated otrs package fixes security vulnerabilities

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...

otrs -- information disclosure

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see...

Debian: Security Advisory (DSA-2696-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

otrs -- Information disclosure and Data manipulation

The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...