28 matches found
EUVD-2013-2576
Malware in sbrugna...
SUSE CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified...
CVE-2013-4718
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search...
CVE-2013-4718
CVE-2013-4718 describes a cross-site scripting (XSS) vulnerability in the Open Ticket Request System (OTRS) ITSM components. Affected are OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7. The issue allows remote authenticated users to inject arbitrary web script or HTML t...
OTRS ITSM Information Disclosure Vulnerability
OTRS ITSM is a suite of foundational solutions for IT service management organizations from OTRS Germany. The solution is based on ITIL best practices and provides management tools for request and fault management, problem management, change management and release management. OTRS AG An informati...
Design/Logic Flaw
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...
CVE-2013-2637
A Cross-Site Scripting XSS Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code...
Cross site scripting
A Cross-Site Scripting XSS Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code...
CVE-2013-2637
CVE-2013-2637 describes a cross-site scripting (XSS) vulnerability in OTRS ITSM. The NVD/NVD-related entries state that an attacker could exploit an XSS via changes, workorder items, and FAQ articles, enabling a remote attacker to execute arbitrary code in affected systems. The vulnerability affe...
CVE-2013-2637
A Cross-Site Scripting XSS Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code...
CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified...
CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified...
CVE-2013-2625
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified...
CVE-2013-2625
CVE-2013-2625 is an Access Bypass in OTRS where access rights by the object linking mechanism were not verified. Affected products/versions include OTRS Help Desk prior to 3.2.4, 3.1.14, 3.0.19 and OTRS ITSM prior to 3.2.3, 3.1.8, 3.0.7, as well as related FAQ versions. The issue is network-explo...
openSUSE Security Update : otrs (openSUSE-2016-1316)
This update for otrs fixes the following security issues : - CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment OSA-2016-02, bsc1008017 In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes. %NASLMINLEVEL 70300 C Tenable...
OTRS FAQ Module - Persistent XSS
No description provided by source. Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS ITSM FAQ Module 3.2...
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
This otrs update fixes the following security and non security issues : - bnc871758: Fixed OSA-2014-04 CVE-2014-2553 and OSA-2014-05 CVE-2014-2554. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : otrs (openSUSE-SU-2011:0464-1)
This updated fixes a cross site scripting XSS issue in otrs. CVE-2011-1518 Upstream advisory: http://otrs.org/advisory/OSA-2011-01-en/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update otrs-4509...
OTRS ITSM XSS Vulnerability (OSA-2013-02)
OTRS ITSM is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrsitsm"; i...
OTRS ITSM Multiple Input Validation Vulnerability (OSA-2013-05)
Open Ticket Request System OTRS and OTRS:ITSM are prone to multiple input validation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...