CVE-2011-0456

webscript.pl in Open Ticket Request System OTRS 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."...

CVE-2010-3476

Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service CPU consumption via a large message, a different vulnerability than...

CVE-2010-2080

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2010-2080

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Debian DSA-1993-1 : otrs2 - sql injection

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used on SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2. The oldstable distribution etch is not affected...

[SECURITY] Fedora 7 Update: otrs-2.1.5-4.fc7

OTRS is an Open source Ticket Request System also well known as trouble ti cket system with many features to manage customer telephone calls and e-mails. The system is built to allow your support, sales, pre-sales, billing, internal IT, helpdesk, etc. department to react quickly to inbound...

DSA-1298-1 otrs2

Bulletin has no description...

CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

DEBIAN-CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

Request It 1.0b (index.php id) Remote File Inclusion Vulnerability

No description provided by source. Request It : Song Request System 1.0b - remote file inclusion Software: Request It : Song Request System Type: remote file inclusion Version: 1.0b Date: 2007-04-09 Url: http://scripts.ringsworld.com/organizers/requestit/ Risc: middle...

Request It 1.0b - index.php?id Remote File Inclusion

Request It 1.0b - index.php?id Remote File Inclusion Request It : Song Request System 1.0b - remote file inclusion Software: Request It : Song Request System Type: remote file inclusion Version: 1.0b Date: 2007-04-09 Url: http://scripts.ringsworld.com/organizers/requestit/ Risc: middle...

Request It 1.0b (index.php id) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================== Request It 1.0b index.php id Remote File Inclusion Vulnerability ================================================================== Request It : Song Request System 1.0b -...

srs10-rfi.txt

Request It : Song Request System 1.0b - remote file inclusion Software: Request It : Song Request System Type: remote file inclusion Version: 1.0b Date: 2007-04-09 Url: http://scripts.ringsworld.com/organizers/requestit/ Risc: middle ------------------------------------ Credit:...

Request It : Song Request System 1.0b - remote file inclusion

Request It : Song Request System 1.0b - remote file inclusion Software: Request It : Song Request System Type: remote file inclusion Version: 1.0b Date: 2007-04-09 Url: http://scripts.ringsworld.com/organizers/requestit/ Risc: middle ------------------------------------ Credit:...

CVE-2007-0310

The CVE-2007-0310 entry concerns BMC Remedy Action Request System 5.01.02 Patch 1267. The vulnerability arises because login error messages differ between valid‑username and invalid‑username attempts, allowing remote attackers to enumerate valid account names. Impact stated: attacker can determin...

DSA-973-1 otrs - several

Bulletin has no description...

CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

CVE-2005-3895

Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...