Lucene search

12 matches found

ATTACKERKB
added 2024/02/20 9:15 p.m., 0 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

CVSS 6.1, AI score 5.8, EPSS 0.00108
Exploits: 1, References: 2
OSV
added 2024/02/20 9:15 p.m., 1 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

CVSS 6.1, AI score 5.8, EPSS 0.00108
Exploits: 1, References: 1
NVD
added 2020/07/09 3:15 p.m., 11 views

CVE-2020-13992

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...

CVSS 6.1, EPSS 0.00644
Exploits: 1, References: 1
Prion
added 2020/07/09 3:15 p.m., 9 views

Cross site scripting

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket...

CVSS 4.3, AI score 6.9, EPSS 0.00644
Exploits: 1, References: 1, Affected Software: 1
Veracode
added 2019/05/16 3:58 a.m., 25 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability is due to insufficient validation of Kerberos tickets by the affected system. An attacker could cause a buffer overflow which could allow the attacker to gain elevated privileges on targeted systems by submitting a...

CVSS 7.8, AI score 7.5, EPSS 0.00161
Exploits: 0, References: 10, Affected Software: 1
OSV
added 2014/10/19 1:55 a.m., 1 views

DEBIAN-CVE-2014-3567

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure...

CVSS 7.1, AI score 8.8, EPSS 0.26544
Exploits: 0, References: 1
NVD
added 2012/01/14 3:57 a.m., 10 views

CVE-2011-5061

functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...

CVSS 7.5, AI score 7.3, EPSS 0.0188
Exploits: 0, References: 2
Prion
added 2012/01/14 3:57 a.m., 13 views

Design/Logic Flaw

functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...

CVSS 7.5, AI score 8.1, EPSS 0.0188
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2012/01/14 2:0 a.m., 11 views

CVE-2011-5061

functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...

AI score 7.3, EPSS 0.0188
Exploits: 0, References: 2
Positive Technologies
added 2012/01/14 12:0 a.m., 2 views

PT-2012-2798 · Whmcs · Whmcs

Name of the Vulnerable Software and Affected Versions: WHMCS version 5.03 Description: The issue allows remote attackers to inject arbitrary code into a subject field via crafted ticket data in the submitticket.php file. Note that the vendor disputes this issue, stating that some details overlap...

CVSS 5, AI score 7.6, EPSS 0.00345
Exploits: 1, References: 5
Prion
added 2010/02/10 6:30 p.m., 15 views

Null pointer dereference

The Key Distribution Center KDC in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service NULL pointer dereference and domain controll...

CVSS 6.3, AI score 6.5, EPSS 0.40087
Exploits: 0, References: 3
Tenable Nessus
added 2010/01/20 12:0 a.m., 33 views

openSUSE Security Update : krb5 (krb5-1792)

Specially crafted ticket requests could crash the kerberos server (CVE-2009-3295). Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212)...

CVSS 10, AI score 6.3, EPSS 0.16485
Exploits: 1, References: 4