122 matches found
CVE-2013-2379
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT...
Design/Logic Flaw
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT...
AbanteCart 1.1.3 Cross Site Scripting
AbanteCart suffers from multiple reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to the 'index.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in ...
CVE-2012-4884
CVE-2012-4884 concerns Request Tracker (RT). The issue is an argument injection vulnerability in RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, related to the GnuPG client, which allows remote attackers to create arbitrary files via unspecified vectors. Affected software is the Best Practical Sol...
FreeBSD : RT -- Multiple Vulnerabilities (4b738d54-2427-11e2-9817-c8600054b392)
BestPractical report: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be leveraged for information leakage or...
Debian: Security Advisory (DSA-2567-1)
The remote host is missing an update for the Debian...
RT -- Multiple Vulnerabilities
BestPractical report: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be leveraged for information leakage or...
CVE-2012-2770
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."...
[SECURITY] Fedora 17 Update: perl-RT-Authen-ExternalAuth-0.11-1.fc17
A complete package for adding external authentication mechanisms to RT. It currently supports LDAP via Net::LDAP and External Database authentication for any database with an installed DBI driver...
CVE-2011-2084
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account...
CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account...
CVE-2011-5092
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093...
Design/Logic Flaw
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership...
CVE-2011-2083
The CVE-2011-2083 entry concerns Best Practical Solutions RT. It affects RT 3.x before 3.8.12 and RT 4.x before 4.0.6, where multiple cross-site scripting (XSS) vulnerabilities could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected records corro...
CVE-2011-4458
The CVE-2011-4458 entry affects Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and RT 4.x before 4.0.6. When VERPPrefix and VERPDomain options are enabled, this permits remote code execution via unspecified vectors. Affected versions: RT 3.6.x/3.7.x/3.8.x prior to 3.8.12 and RT...
CVE-2011-4459
CVE-2011-4459 affects Best Practical Solutions RT: 3.x before 3.8.12 and 4.x before 4.0.6. Root cause: groups are not properly disabled, allowing remote authenticated users to bypass intended access restrictions by leveraging a group membership. Impact: access restriction bypass in opportunistic ...
CVE-2011-4460
The CVE-2011-4460 entry concerns a SQL injection vulnerability in Best Practical Solutions RT versions 2.x and 3.x prior to 3.8.12 and 4.x prior to 4.0.6. The issue allows a remote authenticated attacker, with access to a privileged account, to execute arbitrary SQL commands on the back-end datab...
CVE-2011-5092
CVE-2011-5092 affects Best Practical Solutions RT 3.8.x prior to 3.8.12 and RT 4.x prior to 4.0.6. The vulnerability is described as an unspecified flaw that allows remote attackers to execute arbitrary code and gain privileges; a different issue from CVE-2011-4458 and CVE-2011-5093. The connecte...
[SECURITY] Fedora 16 Update: rt3-3.8.12-1.fc16
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...