FreeBSD : RT -- Multiple Vulnerabilities (e0a969e4-a512-11e1-90b4-e0cb4e266481)
BestPractical report: Internal audits of the RT codebase have uncovered a number of security vulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed...
RT -- Multiple Vulnerabilities
BestPractical report: Internal audits of the RT codebase have uncovered a number of security vulnerabilities in RT. We are releasing versions 3.8.12 and 4.0.6 to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0. The vulnerabilities addressed ...
RT (Request Tracker) Unspecified Security Bypass Vulnerability
This host is installed with Request Tracker and is prone to an unspecified security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodrtunspecifiedsecbypassvuln.nasl 7024 2017-08-30 11:51:43Z teissa $ RT Request Tracker Unspecified Security Bypass Vulnerability Authors: Sooraj KS Copyright...
CVE-2011-1687
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords...
SQL injection
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...
CVE-2011-1686
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...
CVE-2011-1686
CVE-2011-1686 concerns multiple SQL injection vulnerabilities in Best Practical Solutions RT across RT 2.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0rc–4.0.0rc7, allowing remote authenticated users to run arbitrary SQL via unspecified vectors (data reading demonstrated). Concrete references in connected do...
CVE-2011-1687
CVE-2011-1687 affects Best Practical Solutions RT (Request Tracker). The vulnerability allows remote authenticated users to obtain sensitive information by using the search interface, demonstrated by retrieving encrypted passwords. Affected RT versions include 3.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0...
CVE-2011-1688
CVE-2011-1688 affects Best Practical Solutions’ RT (Request Tracker). The OpenVAS entries and NVD record enumerate a directory traversal vulnerability exploitable via crafted HTTP requests that allows reading arbitrary files on RT installations. Affected versions include RT 3.2.0 up to 3.6.10, 3....
rt -- multiple vulnerabilities
Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...
CVE-2011-1007
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout...
Design/Logic Flaw
ScripsOverlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information,...
FreeBSD Ports: rt
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: rt
The remote host is missing an update to the system as announced in the referenced advisory. VID 714c1406-e4cf-11de-883a-003048590f9e OpenVAS Vulnerability Test $ Description: Auto generated from VID 714c1406-e4cf-11de-883a-003048590f9e Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
FreeBSD : rt -- Session fixation vulnerability (714c1406-e4cf-11de-883a-003048590f9e)
Secunia reports: A vulnerability has been reported in RT, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into loggin...
CVE-2009-4151
CVE-2009-4151 describes a session fixation vulnerability in Best Practical Solutions RT, affecting RT 3.0.0–3.6.9 and RT 3.8.x up to 3.8.5. The issue arises in the SetupSessionCookie path where an attacker can influence the session identifier via HTTP access to the RT server, enabling potential s...
rt -- Session fixation vulnerability
Secunia reports: A vulnerability has been reported in RT, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging...
CVE-2009-3892
The CVE-2009-3892 entry corresponds to a cross-site scripting (XSS) vulnerability in Best Practical Solutions RT (Request Tracker) releases in the 3.x line. Versions affected include RT 3.4.6–3.8.4, RT 3.6.x through 3.6.8, and RT 3.8.x through 3.8.4. The root cause is improper handling of input i...
[SECURITY] Fedora 11 Update: rt3-3.8.2-11.fc11
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...