25 matches found
CVE-2007-2524
Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...
otrs-xss.txt
Geschreven door: ciri 2007-05-07 00:00:00 --------------------------------------------------------------------------------- | . | | \ \ / /||/ | | | \ Y / | \ \ \ | \ \ \ / / | | \ / | || | /| | | | // \ | | / |||| || |/ //\ \ | | / / | | Security without illusions | | www.virtuax.be | | |...
OTRS <= 2.0.x XSS/XSRF
--------------------------------------------------------------------------------- | . | | / /||/ | | | Y / | | / / | | / | || | /| | | | // | | / |||| || |/ // | | / / | | Security without illusions | | www.virtuax.be | | |...
CVE-2006-3221
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction...
CVE-2006-3221
DataLife Engine