Lucene search
+L

56 matches found

CVE
CVE
added 2025/02/04 6:41 a.m.48 views

CVE-2024-13607

CVE-2024-13607 : The WordPress plugin “JS Help Desk – The Ultimate Help Desk & Support Plugin” is vulnerable to Insecure Direct Object Reference via exportusereraserequest in all versions up to and including 2.8.8. Authenticated users with Subscriber-level permissions and above can export ticket ...

4.3CVSS4.3AI score0.00404EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/07/04 12:0 a.m.11 views

FreeBSD : Request Tracker -- information exposure vulnerability (51498ee4-39a1-11ef-b609-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 51498ee4-39a1-11ef-b609-002590c1f29c advisory. Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser...

5.5CVSS5.5AI score0.00285EPSS
Exploits0References3
OSV
OSV
added 2024/06/19 8:57 a.m.6 views

CLSA-2024-1718787475 krb5: Fix of CVE-2023-39975

CVE-2023-39975: fix double free vulnerability in authorization-data handling to prevent incorrect data copying from one ticket to another...

8.8CVSS7AI score0.01229EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/04/04 12:0 a.m.15 views

Request Tracker -- information exposure vulnerability

Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...

5.5CVSS6.9AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2023/11/24 2:15 a.m.28 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS0.00582EPSS
Exploits1References1
OSV
OSV
added 2023/11/24 2:15 a.m.5 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS5.8AI score0.00582EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/11/24 2:15 a.m.6 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS6.6AI score0.00582EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/24 12:0 a.m.7 views

Sysaid Technologies SysAid Security Vulnerabilities

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference IDOR issue that allows an attacker...

6.5CVSS6.6AI score0.00582EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/16 3:15 p.m.5 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

8.8CVSS7AI score0.01229EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/08/16 12:0 a.m.2 views

CVE-2023-39975

kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...

5.4AI score0.01229EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.6 views

Fossil 跨站脚本漏洞

Fossil is a simple, highly reliable distributed software configuration management system. A security vulnerability exists in Fossil version 2.18 that stems from ticket data being stored in a temporary file and the product's inability to correctly handle the file's absence after Windows Defender...

5.5CVSS5.7AI score0.0035EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.5 views

Wordpress Plugin SupportCandy 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...

8.8CVSS7.7AI score0.00612EPSS
Exploits2References2
CNNVD
CNNVD
added 2020/12/28 12:0 a.m.10 views

Zammad 安全漏洞

Zammad is a Web-based open source helpdesk/customer support system. An access control error vulnerability exists in Zammad versions prior to 3.5.1. An attacker can exploit this vulnerability to bypass auditing and change Ticket Article data via REST API calls...

7.5CVSS5.8AI score0.00899EPSS
Exploits0References3
OSV
OSV
added 2020/07/20 9:15 p.m.4 views

UBUNTU-CVE-2020-1776

When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...

4.3CVSS6.1AI score0.00946EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/07/20 9:4 p.m.24 views

CVE-2020-1776

When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...

4.3CVSS4.8AI score0.00946EPSS
Exploits0
OSV
OSV
added 2020/06/04 7:15 a.m.2 views

UBUNTU-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

7.4CVSS7.1AI score0.17507EPSS
Exploits3References4
OSV
OSV
added 2020/04/01 9:15 p.m.8 views

CVE-2020-11466

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthoriz...

4.3CVSS6.8AI score0.01234EPSS
Exploits1References3
Mageia
Mageia
added 2017/09/03 2:31 p.m.49 views

Updated rt/perl-Encode packages fix security vulnerability

RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...

8.8CVSS9.2AI score0.02825EPSS
Exploits0References5
NVD
NVD
added 2015/03/09 2:59 p.m.19 views

CVE-2015-1165

RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...

5CVSS6.3AI score0.02118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/03/09 2:59 p.m.21 views

CVE-2015-1165

RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...

5CVSS7.2AI score0.02118EPSS
Exploits0References1
Rows per page
Query Builder