CVE-2026-48236

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

CVE-2026-48216

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

CVE-2026-48216

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in db_loader.php. An authenticated attacker can inject arbitrary JavaScript by sending unsanitized values through the POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, and db_schema, which are then...

CVE-2026-48216 Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

CVE-2026-48216 Open ISES Tickets < 3.44.2 Reflected XSS via db_loader.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

CVE-2026-48216

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

PT-2026-42494

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in db loader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

PT-2026-42514

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db loader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database witho...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of multiple POST parameters in the dbloader.php file,...

Rational ClearCase 3.2/4.x DB Loader TERM Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3523/info ClearCase is a commercially available software change management package. It is maintained and distributed by Rational. A problem with the package could lead to a local user gaining elevated privileges. The...

PT-1999-1039 · Ibm · Clearcase

Name of the Vulnerable Software and Affected Versions: ClearCase affected versions not specified Description: A race condition exists in the db loader program of ClearCase, allowing local users to gain root access by setting SUID bits. Recommendations: At the moment, there is no information about...