CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

342 matches found

UbuntuCve•added 2014/03/01 12:1 a.m.•28 views

CVE-2014-1695

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...

4.3CVSS7AI score0.03629EPSS

Exploits5References3

Cvelist•added 2014/02/28 5:0 p.m.•23 views

CVE-2014-1695

7.2AI score0.03629EPSS

Exploits5References8

OSV•added 2014/02/04 9:55 p.m.•2 views

CVE-2014-1694

Multiple cross-site request forgery CSRF vulnerabilities in 1 CustomerPreferences.pm, 2 CustomerTicketMessage.pm, 3 CustomerTicketProcess.pm, and 4 CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System OTRS 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow...

7.2AI score

Exploits0References16

OSV•added 2014/02/04 9:55 p.m.•2 views

CVE-2014-1471

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System OTRS 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL...

8.1AI score

Exploits0References12

OSV•added 2014/02/04 9:55 p.m.•1 views

DEBIAN-CVE-2014-1471

7.5CVSS8.4AI score0.01617EPSS

Exploits0References1

OSV•added 2014/02/04 9:55 p.m.•0 views

UBUNTU-CVE-2014-1471

7.5CVSS6.2AI score0.01617EPSS

Exploits0References4

OSV•added 2014/02/04 9:55 p.m.•1 views

UBUNTU-CVE-2014-1694

6.8CVSS5.9AI score0.00584EPSS

Exploits1References4

Debian CVE•added 2014/02/04 4:0 p.m.•18 views

CVE-2014-1694

6.8CVSS7AI score0.00584EPSS

Exploits1

OpenVAS•added 2013/09/27 12:0 a.m.•17 views

OTRS Mailbox HTML Injection Vulnerability (OSA-2007-01)

Open Ticket Request System OTRS is prone to a HTML injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1AI score

Exploits0References1

OpenVAS•added 2013/09/21 12:0 a.m.•897 views

OTRS < 3.0.3 Password Disclosure Vulnerability

Open Ticket Request System OTRS is prone to a password disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

1.9CVSS6.4AI score0.0006EPSS

Exploits1

OpenVAS•added 2013/08/02 12:0 a.m.•37 views

Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...

4.3CVSS0.4AI score0.05551EPSS

Exploits2References1

OpenVAS•added 2013/06/19 12:0 a.m.•28 views

Debian Security Advisory DSA 2712-1 (otrs2 - privilege escalation)

It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution squeeze is not affected by this problem. OpenVAS Vulnerability Test $Id: deb2712.nasl 6611 2017-07-0...

0.6AI score0.01832EPSS

Exploits0References1

OpenVAS•added 2013/05/29 12:0 a.m.•30 views

Debian Security Advisory DSA 2696-1 (otrs2 - privilege escalation)

A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitte...

0.2AI score0.00303EPSS

Exploits0References1

OpenVAS•added 2013/05/28 12:0 a.m.•18 views

Debian: Security Advisory (DSA-2696-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.00303EPSS

Exploits0References3

OSV•added 2012/10/22 4:55 p.m.•5 views

CVE-2012-4751

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

5.5AI score

Exploits0References7

Debian CVE•added 2012/10/22 4:0 p.m.•27 views

CVE-2012-4751

4.3CVSS7.6AI score0.05551EPSS

Exploits2

Cvelist•added 2012/10/22 4:0 p.m.•29 views

CVE-2012-4751

6.8AI score0.05551EPSS

Exploits2References7

OSV•added 2012/08/31 2:55 p.m.•1 views

DEBIAN-CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

2.6CVSS6AI score0.06222EPSS

Exploits2References1

OSV•added 2012/08/31 2:55 p.m.•7 views

CVE-2012-4600

5.5AI score

Exploits0References5