39 matches found
EUVD-2011-1686
Malware in sbrugna...
CVE-2012-6578
CVE-2012-6578 affects Best Practical Solutions RT prior to 3.8.15 and 4.0.x prior to 4.0.8 when GnuPG signing is enabled with a "Sign by default" queue configuration. The flaw causes the system to sign messages using a queue’s key, enabling remote attackers to spoof messages due to missing authen...
CVE-2012-2768
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
CVE-2012-2768
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2770
The CVE-2012-2770 entry concerns the Authen::ExternalAuth extension (pre-0.11) for Best Practical Solutions RT, where remote attackers could obtain a logged-in session via unspecified vectors related to the user’s RSS feed URL. Public references describe the issue similarly. Remediation is availa...
CVE-2012-2768
CVE-2012-2768: XSS in the topic administration page of rtfm (Best Practical RT) affecting 2.0.4–2.4.3. Debian advisory DSA-2535-1 notes fixes: 2.4.2-4+squeeze1 for squeeze, and 4.0.6-4 for wheezy/sid; update to a fixed version to mitigate. Affected products/versions are documented in connected so...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2769
CVE-2012-2769: Multiple XSS vulnerabilities in the topic administration page of the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6. Remote attackers can inject arbitrary web script or HTML via unspecified vectors. Af...
CVE-2011-2083
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-2085
Multiple cross-site request forgery CSRF vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account...
Code injection
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093...
CVE-2011-2085
Multiple cross-site request forgery CSRF vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2011-2083
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-2085
Multiple cross-site request forgery CSRF vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2011-2083
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-2085
CVE-2011-2085 affects Best Practical Solutions RT, with CSRF vulnerabilities that could hijack user sessions. Affected are RT 3.x before 3.8.12 and RT 4.x before 4.0.6. The advisory details multiple issues—CSRF in particular allows remote attackers to impersonate legitimate users. The connected d...