56 matches found
CVE-2024-13607
CVE-2024-13607 : The WordPress plugin “JS Help Desk – The Ultimate Help Desk & Support Plugin” is vulnerable to Insecure Direct Object Reference via exportusereraserequest in all versions up to and including 2.8.8. Authenticated users with Subscriber-level permissions and above can export ticket ...
FreeBSD : Request Tracker -- information exposure vulnerability (51498ee4-39a1-11ef-b609-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 51498ee4-39a1-11ef-b609-002590c1f29c advisory. Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser...
CLSA-2024-1718787475 krb5: Fix of CVE-2023-39975
CVE-2023-39975: fix double free vulnerability in authorization-data handling to prevent incorrect data copying from one ticket to another...
Request Tracker -- information exposure vulnerability
Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
Sysaid Technologies SysAid Security Vulnerabilities
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A security vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.15 that stems from the presence of an insecure direct object reference IDOR issue that allows an attacker...
CVE-2023-39975
kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...
CVE-2023-39975
kdc/dotgsreq.c in MIT Kerberos 5 aka krb5 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another...
Fossil 跨站脚本漏洞
Fossil is a simple, highly reliable distributed software configuration management system. A security vulnerability exists in Fossil version 2.18 that stems from ticket data being stored in a temporary file and the product's inability to correctly handle the file's absence after Windows Defender...
Wordpress Plugin SupportCandy 跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
Zammad 安全漏洞
Zammad is a Web-based open source helpdesk/customer support system. An access control error vulnerability exists in Zammad versions prior to 3.5.1. An attacker can exploit this vulnerability to bypass auditing and change Ticket Article data via REST API calls...
UBUNTU-CVE-2020-1776
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...
CVE-2020-1776
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...
UBUNTU-CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...
CVE-2020-11466
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthoriz...
Updated rt/perl-Encode packages fix security vulnerability
RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket CVE-2012-4733. RT 3.8.0 and above include a version of bin/rt th...
CVE-2015-1165
RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...
CVE-2015-1165
RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...