CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

Request Tracker -- information exposure vulnerability

Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...

rt42 -- denial-of-service attack via the email gateway

The RT development team reports: Versions of RT between 4.2.0 and 4.2.2 inclusive are vulnerable to a denial-of-service attack via the email gateway; any installation which accepts mail from untrusted sources is vulnerable, regardless of the permissions configuration inside RT. This vulnerability...

UBUNTU-CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service loss of e-mail readability, via an e-mail message to a queue's address...

CVE-2011-1007

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout...