2 matches found
CVE-2010-4634
osTicket 1.6 is affected by a directory traversal vulnerability. The issue allows remote attackers to read arbitrary files by supplying .. sequences in the file parameter to module.php, a vulnerability described across CVE-2010-4634. The description notes this is a separate vector from CVE-2005-1...
CVE-2005-1439
CVE-2005-1439 : In osTicket, a directory traversal vulnerability exists in attachments.php that allows remote attackers to read arbitrary files via .. sequences in the file parameter. Evidence from multiple sources confirms a network-wide, unauthenticated remote attack vector with a base CVSS v2 ...