CVE-2018-14593

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL...

UBUNTU-CVE-2018-14593

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL...

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL...

CVE-2018-14593

CVE-2018-14593 affects Open Ticket Request System (OTRS) versions 6.0.x up to 6.0.9, 5.0.x up to 5.0.28, and 4.0.x up to 4.0.30. An attacker authenticated as an OTRS agent can escalate privileges by accessing a specially crafted URL. Multiple security advisories (Debian, openSUSE, SUSE, OpenVAS) ...

Open Ticket Request System Remote Code Execution Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...

CVE-2018-7567

In the Admin Package Manager in Open Ticket Request System OTRS 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server...

UBUNTU-CVE-2018-7567

In the Admin Package Manager in Open Ticket Request System OTRS 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server...

UBUNTU-CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

CVE-2017-17476

Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...

Open Ticket Request System Code Injection Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software. A code injection vulnerability exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS. A remote authenticated attacker can exploit this vulnerability by executing shell commands as a...

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

Open Ticket Request System Agent Frontend Information Disclosure Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and service personn...

Information disclosure

In the Agent Frontend in Open Ticket Request System OTRS 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System OTRS 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...

CVE-2017-15864

In the Agent Frontend in Open Ticket Request System OTRS 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...

DEBIAN-CVE-2017-15864

In the Agent Frontend in Open Ticket Request System OTRS 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password...

Open Ticket Request System Remote Code Execution Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. A security vulnerability exists in OTRS versions 3.3.x prior to 3.3.18, 4.x prior to 4.0.25, and 5.x prior to 5.0.23. A remote attacker can exploit the vulnerability to...

Code injection

In Open Ticket Request System OTRS 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection...