170 matches found
CVE-2012-6579
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...
CVE-2012-6581
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...
CVE-2012-6581
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail...
CVE-2012-6579
The CVE-2012-6579 entry concerns Best Practical Solutions RT affected versions: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, where enabling GnuPG allows remote attackers to configure encryption or signing for outbound e‑mail by sending a message to a queue address, potentially causing a deni...
CVE-2012-6580
CVE-2012-6580 affects Best Practical Solutions RT: RT 3.8.x before 3.8.15 and RT 4.0.x before 4.0.8, with GnuPG enabled. The issue is that the UI may not label unencrypted messages as unencrypted, which could allow remote attackers to spoof a message’s origin or interfere with encryption-policy a...
CVE-2012-6581
Best Practical Solutions RT: Affected versions are RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 with GnuPG enabled. The vulnerability lets remote attackers bypass restrictions on reading keys in the keyring and trigger outbound e‑mail messages signed by an arbitrary stored secret key by abusing ...
CVE-2012-6578
CVE-2012-6578 affects Best Practical Solutions RT prior to 3.8.15 and 4.0.x prior to 4.0.8 when GnuPG signing is enabled with a "Sign by default" queue configuration. The flaw causes the system to sign messages using a queue’s key, enabling remote attackers to spoof messages due to missing authen...
CVE-2012-6578
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics...
Request Tracker 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities
According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists that allows a...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2768
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
DEBIAN-CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
CVE-2012-2768
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
CVE-2012-2769
CVE-2012-2769: Multiple XSS vulnerabilities in the topic administration page of the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6. Remote attackers can inject arbitrary web script or HTML via unspecified vectors. Af...
CVE-2012-2769
Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...