10 matches found
Mageia: Security Advisory (MGASA-2014-0194)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1119-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1119-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u1 CVE ID : CVE-2014-1695 CVE-2014-2553 CVE-2014-2554 CVE-2017-14635 Debian Bug : 876462 An attacker who is logged into OTRS, a Ticket Request System, as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead t...
[ MDVSA-2014:111 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
This otrs update fixes the following security and non security issues : - bnc871758: Fixed OSA-2014-04 CVE-2014-2553 and OSA-2014-05 CVE-2014-2554. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
CVE-2014-2554
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element...
CVE-2014-2554
CVE-2014-2554 affects OTRS:1.x/2.x? No—3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 are vulnerable to remote clickjacking via an IFRAME. The issue is exploitable by a remote attacker; impact is limited to clickjacking (no confidentiality nor integrity loss in the CVSS data, bu...
FreeBSD : otrs -- Clickjacking issue (ffa7c6e4-bb29-11e3-8136-60a44c524f57)
The OTRS Project reports : An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database...