Lucene search
+L

170 matches found

Debian CVE
Debian CVE
added 2013/07/24 10:0 a.m.44 views

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

6.4CVSS6.3AI score0.00792EPSS
Exploits0
Cvelist
Cvelist
added 2013/07/24 10:0 a.m.19 views

CVE-2012-6581

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...

6.2AI score0.012EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2013/07/24 10:0 a.m.32 views

CVE-2012-6581

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...

4.3CVSS6.4AI score0.012EPSS
Exploits0
CVE
CVE
added 2013/07/24 10:0 a.m.51 views

CVE-2012-6579

The CVE-2012-6579 entry concerns Best Practical Solutions RT affected versions: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, where enabling GnuPG allows remote attackers to configure encryption or signing for outbound e‑mail by sending a message to a queue address, potentially causing a deni...

6.4CVSS6.7AI score0.00792EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/07/24 10:0 a.m.49 views

CVE-2012-6580

CVE-2012-6580 affects Best Practical Solutions RT: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, with GnuPG enabled. The issue is that the UI may not label unencrypted messages as unencrypted, which could allow remote attackers to spoof a message’s origin or interfere with encryption-policy a...

4.3CVSS6.5AI score0.00635EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/07/24 10:0 a.m.52 views

CVE-2012-6581

Best Practical Solutions RT: Affected versions are RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 with GnuPG enabled. The vulnerability lets remote attackers bypass restrictions on reading keys in the keyring and trigger outbound e‑mail messages signed by an arbitrary stored secret key by abusing ...

4.3CVSS6.4AI score0.012EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/07/24 10:0 a.m.56 views

CVE-2012-6578

CVE-2012-6578 affects Best Practical Solutions RT prior to 3.8.15 and 4.0.x prior to 4.0.8 when GnuPG signing is enabled with a "Sign by default" queue configuration. The flaw causes the system to sign messages using a queue’s key, enabling remote attackers to spoof messages due to missing authen...

4.3CVSS6.7AI score0.01061EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2013/07/24 10:0 a.m.37 views

CVE-2012-6578

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...

4.3CVSS6.5AI score0.01061EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/22 12:0 a.m.44 views

Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities

According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists that allows a...

6.8CVSS7.8AI score0.02428EPSS
Exploits0References12
NVD
NVD
added 2012/08/15 9:55 p.m.14 views

CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

4.3CVSS5.8AI score0.01187EPSS
Exploits0References4
NVD
NVD
added 2012/08/15 9:55 p.m.25 views

CVE-2012-2768

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01187EPSS
Exploits0References5
NVD
NVD
added 2012/08/15 9:55 p.m.13 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

5CVSS6.4AI score0.01362EPSS
Exploits0References4
OSV
OSV
added 2012/08/15 9:55 p.m.7 views

DEBIAN-CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

4.3CVSS6AI score0.01187EPSS
Exploits0References1
OSV
OSV
added 2012/08/15 9:55 p.m.9 views

CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.9AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2012/08/15 9:55 p.m.19 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

5CVSS5.9AI score0.01362EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2012/08/15 9:55 p.m.25 views

CVE-2012-2768

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01187EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2012/08/15 9:55 p.m.31 views

CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

4.3CVSS6AI score0.01187EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/08/15 9:0 p.m.21 views

CVE-2012-2770

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...

6.3AI score0.01362EPSS
Exploits0References4
CVE
CVE
added 2012/08/15 9:0 p.m.39 views

CVE-2012-2769

CVE-2012-2769: Multiple XSS vulnerabilities in the topic administration page of the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6. Remote attackers can inject arbitrary web script or HTML via unspecified vectors. Af...

4.3CVSS5.9AI score0.01187EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/08/15 9:0 p.m.21 views

CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI score0.01187EPSS
Exploits0References4
Rows per page
Query Builder