377 matches found
CVE-2011-1687
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords...
Directory traversal
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request...
CVE-2011-1685
CVE-2011-1685 affects Best Practical RT (Request Tracker) versions 3.8.0–3.8.9 and 4.0.0rc–4.0.0rc7, where enabling CustomFieldValuesSources (external custom fields) allows remote authenticated users to execute arbitrary code via CSRF. The vulnerability arises from the external custom field featu...
CVE-2011-1688
CVE-2011-1688 affects Best Practical Solutions’ RT (Request Tracker). The OpenVAS entries and NVD record enumerate a directory traversal vulnerability exploitable via crafted HTTP requests that allows reading arbitrary files on RT installations. Affected versions include RT 3.2.0 up to 3.6.10, 3....
CVE-2011-1687
CVE-2011-1687 affects Best Practical Solutions RT (Request Tracker). The vulnerability allows remote authenticated users to obtain sensitive information by using the search interface, demonstrated by retrieving encrypted passwords. Affected RT versions include 3.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0...
CVE-2011-1686
CVE-2011-1686 concerns multiple SQL injection vulnerabilities in Best Practical Solutions RT across RT 2.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0rc–4.0.0rc7, allowing remote authenticated users to run arbitrary SQL via unspecified vectors (data reading demonstrated). Concrete references in connected do...
CVE-2011-1689
CVE-2011-1689 affects Best Practical Solutions RT (2.x–4.0.0rc7), with multiple XSS vulnerabilities allowing remote script injection via unspecified vectors. Public sources confirm RT is vulnerable across listed versions; Debian advisory notes fixes in RT 3.8.x branch (e.g., 3.8.8–7+squeeze1, 3.8...
CVE-2011-1686
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...
CVE-2011-1685
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF)...
CVE-2011-1689
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1690
Summary: CVE-2011-1690 affects Best Practical Solutions RT (Request Tracker) 3.6.0–3.6.10 and 3.8.0–3.8.8. It enables remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors (no exploit details provided in the sources). The vulnerability is categori...
Ashton Kutcher's Twitter account hacked!
TV prankster Ashton Kutcher has been Punk'd – jokers hacked into his beloved Twitter account on Wednesday. The actor famously fooled celebrities including Beyoncé, Kanye West, and Pete Wentz on his MTV hidden camera show in which he played outrageous practical jokes on his unsuspecting victims...
CVE-2011-1008
ScripsOverlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information,...
CVE-2011-1007
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout...
CVE-2011-1008
The CVE-2011-1008 entry concerns Best Practical Solutions’ Request Tracker (RT) prior to 3.8.9. A vulnerability in Scrips_Overlay.pm allows remote authenticated users to access sensitive information from a TicketObj after a CurrentUser change, with evidence of exposure via custom-field data tied ...