CVE-2015-6506
Summary: CVE-2015-6506 is a cross-site scripting (XSS) vulnerability in the Request Tracker (RT) cryptography interface, exploitable via a crafted public key in RT 4.x. Affected software: Request Tracker, versions before 4.2.12 (RT 4.x
Fedora 22 : rt-4.2.12-1.fc22 (2015-13718)
Security fix for CVE-2015-5475. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for rt FEDORA-2015-13664
The remote host is missing an update for the...
[SECURITY] Fedora 22 Update: rt-4.2.12-1.fc22
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...
Design/Logic Flaw
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1,...
Privilege escalation
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information via a crafted application that...
Design/Logic Flaw
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight...
FreeBSD : RT -- two XSS vulnerabilities (83b38a2c-413e-11e5-bfcf-6805ca0b3d42)
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above a...
Microsoft DCOM RPC CVE-2015-2370 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges on a targeted system. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.1.0, Avaya Meeting Exchange - Client...
CVE-2015-1719
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory...
CVE-2015-1770
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."...
A ShopEx server is affected by Heartbleed
Brief description: Detailed description: oauth.ishopex.cn openapi.ishopex.cn id.shopex.cn IP:122.144.135.220 shopex.cnopenapi.ishopex.cn.ishopex.cnAccept: /Content-Length: 430Content-Type:...
Remote code execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution...
Type confusion
Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted...
CVE-2015-1643
CVE-2015-1643 affects multiple Windows versions (Vista to Server 2012/R2, RT/RT 8.1, etc.). The root cause is NtCreateTransactionManager type confusion that fails to properly constrain impersonation levels, enabling a local unprivileged user to escalate to higher privileges via a crafted applicat...
Fedora 21 : rt-4.2.10-2.fc21 (2015-4666)
Security fix for CVE-2014-9472. Security fix for CVE-2015-1165. Security fix for CVE-2015-1464. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Update for rt FEDORA-2015-4666
The remote host is missing an update for the...
CVE-2015-1165
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email...
Design/Logic Flaw
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL...