377 matches found

Tenable Nessus
added 2011/02/25 12:0 a.m. | 14 views

Request Tracker 3.x < 3.8.9 Security Bypass and Information Disclosure

According to its self-reported version number, the Best Practical Solutions Request Tracker (RT) running on the remote web server is a version prior to 3.8.9. It is, therefore, potentially affected by the following vulnerabilities:

- If an individual with a valid account logs out of Request Tracke...

CVSS 4 | AI score 5.9 | EPSS 0.0061
Exploits 0 | References 5

UbuntuCve
added 2011/01/25 7:0 p.m. | 27 views

CVE-2011-0009

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database...

CVSS 4.3 | AI score 5.9 | EPSS 0.00834
Exploits 0 | References 1

CVE
added 2011/01/25 6:0 p.m. | 70 views

CVE-2011-0009

CVE-2011-0009 affects Best Practical Solutions RT 3.x (before 3.8.9rc2) and RT 4.x (before 4.0.0rc4), where password hashes used MD5, enabling context-dependent attackers to brute-force the database and recover cleartext passwords. DebRAN/Debian advisories note an incomplete fix in CVE-2011-0009 ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00834
Exploits 0 | References 12 | Affected Software 1

Cvelist
added 2011/01/25 6:0 p.m. | 26 views

CVE-2011-0009

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database...

AI score 6.2 | EPSS 0.00834
Exploits 0 | References 12

OpenVAS
added 2009/12/14 12:0 a.m. | 16 views

FreeBSD Ports: rt

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.8 | AI score 6.3 | EPSS 0.00409
Exploits 0 | References 1

OpenVAS
added 2009/12/09 12:0 a.m. | 10 views

Request Tracker (RT) Detection (HTTP)

HTTP based detection of Request Tracker (RT). SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 7
Exploits 0 | References 1

Tenable Nessus
added 2009/12/04 12:0 a.m. | 56 views

Request Tracker Default Credentials

It is possible to log into the Best Practical Solutions Request Tracker (RT) application by providing default credentials. A remote attacker can exploit this to gain administrative control.

AI score 5.5
Exploits 0

Tenable Nessus
added 2009/12/04 12:0 a.m. | 18 views

Request Tracker Detection

The remote web server is running the Best Practical Solutions Request Tracker (RT), an open source support ticket application written in Perl.

AI score 5.5
Exploits 0 | References 1

Tenable Nessus
added 2009/12/04 12:0 a.m. | 28 views

Request Tracker Session Fixation Vulnerability

The version of Best Practical Solutions Request Tracker (RT) running on the remote web server is affected by a session fixation vulnerability due to the application authenticating users without invalidating their existing session ID. A remote attacker can exploit this by tricking a user into loggin...

CVSS 5.8 | AI score 5.5 | EPSS 0.00377
Exploits 0 | References 3

Prion
added 2009/12/02 4:30 p.m. | 11 views

Session fixation

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8 | AI score 6.6 | EPSS 0.00409
Exploits 0 | References 16 | Affected Software 1

UbuntuCve
added 2009/12/02 4:30 p.m. | 16 views

CVE-2009-4151

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...

CVSS 5.8 | AI score 5.8 | EPSS 0.00377
Exploits 0 | References 2

NVD
added 2009/12/02 4:30 p.m. | 8 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8 | AI score 6.3 | EPSS 0.00409
Exploits 0 | References 16

Prion
added 2009/12/02 4:30 p.m. | 9 views

Session fixation

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...

CVSS 5.8 | AI score 6.7 | EPSS 0.00409
Exploits 0 | References 16 | Affected Software 1

UbuntuCve
added 2009/12/02 4:30 p.m. | 19 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

CVSS 5.8 | AI score 5.8 | EPSS 0.00409
Exploits 0 | References 2

CVE
added 2009/12/02 4:0 p.m. | 54 views

CVE-2009-4151

CVE-2009-4151 describes a session fixation vulnerability in Best Practical Solutions RT, affecting RT 3.0.0–3.6.9 and RT 3.8.x up to 3.8.5. The issue arises in the SetupSessionCookie path where an attacker can influence the session identifier via HTTP access to the RT server, enabling potential s...

CVSS 5.8 | AI score 6.4 | EPSS 0.00377
Exploits 0 | References 16 | Affected Software 1

CVE
added 2009/12/02 4:0 p.m. | 60 views

CVE-2009-3585

CVE-2009-3585 concerns a session fixation vulnerability in Best Practical Solutions RT 3.0.0–3.6.9 and 3.8.x–3.8.5, in the SetupSessionCookie flow (html/Elements/SetupSessionCookie). The underlying issue allows remote attackers to hijack a user’s web session by manipulating the session identifier...

CVSS 5.8 | AI score 6.2 | EPSS 0.00409
Exploits 0 | References 16 | Affected Software 1

Cvelist
added 2009/12/02 4:0 p.m. | 20 views

CVE-2009-3585

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same doma...

AI score 6.3 | EPSS 0.00409
Exploits 0 | References 16

Prion
added 2009/11/17 6:30 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

CVSS 4.3 | AI score 6.2 | EPSS 0.00329
Exploits 0 | References 5 | Affected Software 1

NVD
added 2009/11/17 6:30 p.m. | 10 views

CVE-2009-3892

Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

CVSS 4.3 | AI score 5.7 | EPSS 0.00329
Exploits 0 | References 5

CVE
added 2009/11/17 6:0 p.m. | 45 views

CVE-2009-3892

The CVE-2009-3892 entry corresponds to a cross-site scripting (XSS) vulnerability in Best Practical Solutions RT (Request Tracker) releases in the 3.x line. Versions affected include RT 3.4.6–3.8.4, RT 3.6.x through 3.6.8, and RT 3.8.x through 3.8.4. The root cause is improper handling of input i...

CVSS 4.3 | AI score 5.8 | EPSS 0.00329
Exploits 0 | References 5 | Affected Software 1