CVE-2008-7280

Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System OTRS before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service e-mail retrieval outage via a crafted message...

CVE-2008-7279

The CustomerInterface component in Open Ticket Request System OTRS before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors...

CVE-2008-7278

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

CVE-2008-7276

Kernel/System/Web/Request.pm in Open Ticket Request System OTRS before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal val...

CVE-2008-7275

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 AgentTicketMailbox or 2 CustomerTicketOverView...

Linux Distros Unpatched Vulnerability : CVE-2018-7567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Admin Package Manager in Open Ticket Request System OTRS 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind...

OTRS 安全漏洞

OTRS is a service management solution from OTRS Germany. A security vulnerability exists in OTRS that stems from a missing attribute for sensitive cookie settings in HTTPS sessions, and vulnerabilities in the OTRS Application Server and Reverse Proxy settings that allow session hijacking...

The vulnerability of the Process Management module of the OTRS order processing system allows a hacker to execute XSS attacks.

The vulnerability of the Process Management module of the OTRS request processing system is related to errors in filtering specific elements. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...

The vulnerability of the OTRS request processing system lies in the unprotected feature of inserting debugging information into the log file during index creation by Elasticsearch. This allows a hacker to disclose protected information.

The vulnerability of the OTRS request processing system lies in an unprotected feature that allows debugging information to be inserted into the log file during the creation of the Elasticsearch index. Exploiting this vulnerability can enable a malicious actor to disclose sensitive information...

OTRS Cross-Site Scripting Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions prior to 7.0.47, 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which originates from the fact that an attacker with the privilege to create and change...

DEBIAN-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

UBUNTU-CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

Open Ticket Request System 跨站脚本漏洞

OTRS Open Ticket Request System OTRS is an open source defect tracking and management system software from OTRS Germany. The software categorizes service requests submitted by phone, email and other channels into different queues and service levels, and service personnel use the OTRS system to...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

CVE-2018-17883

The CVE-2018-17883 issue affects Open Ticket Request System (OTRS) 6.0.x prior to 6.0.12. An attacker can craft an e‑mail containing a malicious link; if a logged‑in agent opens that link, JavaScript could execute in the OTRS context. This is a user‑interaction‑required vulnerability with network...

CVE-2018-17883

An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

SUSE CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

SUSE CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...

SUSE CVE-2010-3476

Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service CPU consumption via a large message, a different vulnerability than...

SUSE CVE-2011-1518

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...