5 matches found
CVE-2013-2625
creationtimestamp| type| source ---|---|--- 2024-02-28 17:07:35+00:00| seen| https://t.me/ctinow/195668...
CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified...
Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...
DSA-2733-1 otrs2 - SQL injection
Bulletin has no description...
FreeBSD : otrs -- Information disclosure and Data manipulation (eae8e3cf-9dfe-11e2-ac7f-001fd056c417)
The OTRS Project reports : An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed. %NASLMINLEVEL 70300 C Tenab...