Lucene search
K

5 matches found

NVD
NVD
added 2017/11/21 2:29 p.m.22 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.8CVSS9AI score0.02492EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/11/21 2:0 p.m.23 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.9AI score0.02492EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/11/16 3:0 p.m.22 views

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System OTRS 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...

8.5AI score0.01771EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2014/02/28 5:0 p.m.27 views

CVE-2014-1695

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...

4.3CVSS7.4AI score0.04913EPSS
Exploits5
Cvelist
Cvelist
added 2014/02/04 4:0 p.m.25 views

CVE-2014-1471

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System OTRS 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL...

8AI score0.01827EPSS
Exploits0References11
Rows per page
Query Builder