15 matches found
EUVD-2010-4730
Malware in sbrugna...
EUVD-2020-12604
Malware in sbrugna...
EUVD-2020-12601
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-4427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG OTRS Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS...
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
CVE-2019-16375
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
CVE-2019-9753
An issue was discovered in Open Ticket Request System OTRS 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ...
CVE-2019-9892
An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
CVE-2019-9751
An issue was discovered in Open Ticket Request System OTRS 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm...
CVE-2019-9752
An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This ...
CVE-2018-16587
In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to...
CVE-2018-14593
An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL...
Code injection
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...
CVE-2018-10198
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...