377 matches found
CVE-2011-2084
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read 1 hashes of former passwords and 2 ticket correspondence history by leveraging access to a privileged account...
CVE-2011-5092
CVE-2011-5092 affects Best Practical Solutions RT 3.8.x prior to 3.8.12 and RT 4.x prior to 4.0.6. The vulnerability is described as an unspecified flaw that allows remote attackers to execute arbitrary code and gain privileges; a different issue from CVE-2011-4458 and CVE-2011-5093. The connecte...
CVE-2011-2085
Multiple cross-site request forgery CSRF vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2011-4459
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership...
CVE-2011-2083
The CVE-2011-2083 entry concerns Best Practical Solutions RT. It affects RT 3.x before 3.8.12 and RT 4.x before 4.0.6, where multiple cross-site scripting (XSS) vulnerabilities could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected records corro...
CVE-2011-2084
The CVE-2011-2084 entry concerns Best Practical Solutions RT 3.x < 3.8.12 and RT 4.x
CVE-2011-5093
CVE-2011-5093 affects Best Practical Solutions RT, 4.x prior to 4.0.6. The DisallowExecuteCode option is not properly implemented, allowing remote authenticated users to bypass access restrictions and execute arbitrary code via a privileged account. This is part of the RT multi-vulnerability set ...
CVE-2011-4460
The CVE-2011-4460 entry concerns a SQL injection vulnerability in Best Practical Solutions RT versions 2.x and 3.x prior to 3.8.12 and 4.x prior to 4.0.6. The issue allows a remote authenticated attacker, with access to a privileged account, to execute arbitrary SQL commands on the back-end datab...
CVE-2011-4459
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership...
CVE-2011-5092
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093...
CVE-2011-2082
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords...
CVE-2011-2085
CVE-2011-2085 affects Best Practical Solutions RT, with CSRF vulnerabilities that could hijack user sessions. Affected are RT 3.x before 3.8.12 and RT 4.x before 4.0.6. The advisory details multiple issues—CSRF in particular allows remote attackers to impersonate legitimate users. The connected d...
CVE-2011-2085
Multiple cross-site request forgery CSRF vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2011-4458
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093...
CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account...
CVE-2011-2083
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-4459
CVE-2011-4459 affects Best Practical Solutions RT: 3.x before 3.8.12 and 4.x before 4.0.6. Root cause: groups are not properly disabled, allowing remote authenticated users to bypass intended access restrictions by leveraging a group membership. Impact: access restriction bypass in opportunistic ...
CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account...
CVE-2011-4458
The CVE-2011-4458 entry affects Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and RT 4.x before 4.0.6. When VERPPrefix and VERPDomain options are enabled, this permits remote code execution via unspecified vectors. Affected versions: RT 3.6.x/3.7.x/3.8.x prior to 3.8.12 and RT...
CVE-2011-2082
CVE-2011-2082 affects Best Practical Solutions RT: vulnerable-passwords script in RT 3.x < 3.8.12 and RT 4.x