11 matches found
Mageia: Security Advisory (MGASA-2013-0196)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...
CVE-2013-4088
Summary (CVE-2013-4088) : Open Ticket Request System (OTRS) components Kernel/Modules/AgentTicketWatcher.pm in OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 allowed remote attackers with a valid agent login to read restricted tickets via a crafted URL using the ticket spli...
DSA-2733-1 otrs2 - SQL injection
Bulletin has no description...
Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...
[ MDVSA-2013:188 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:188 http://www.mandriva.com/en/support/security/ Package : otrs Date : July 2, 2013 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: An attacker with a...
MGASA-2013-0196 Updated otrs package fixes security vulnerabilities
An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...
Updated otrs package fixes security vulnerabilities
An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see CVE-2013-3551, CVE-2013-4088...
FreeBSD : otrs -- information disclosure (8b97d289-d8cf-11e2-a1f5-60a44c524f57)
The OTRS Project reports : An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
[SECURITY] [DSA 2712-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2712-1 [email protected] http://www.debian.org/security/ Florian Weimer June 19, 2013 http://www.debian.org/security/faq -...