Lucene search
K

56 matches found

Prion
Prion
added 2015/03/09 2:59 p.m.17 views

Design/Logic Flaw

RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...

5CVSS6.8AI score0.02118EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2015/03/09 2:0 p.m.33 views

CVE-2015-1165

RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...

8.4AI score0.02118EPSS
Exploits0References4
CVE
CVE
added 2015/03/09 2:0 p.m.67 views

CVE-2015-1165

CVE-2015-1165 affects RT (Request Tracker) 3.8.8 through RT 4.x up to 4.0.23 and 4.2.x up to 4.2.10, enabling remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. The connected advisories/documents indicate multiple vendors released security updates to addre...

5CVSS8.2AI score0.02118EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2015/01/20 2:57 p.m.11 views

MGASA-2015-0031 Updated otrs package fixes CVE-2014-9324

Updated otrs package fixes security vulnerability: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured CVE-2014-9324...

6CVSS6.3AI score0.01778EPSS
Exploits0References5
Debian
Debian
added 2015/01/10 12:40 p.m.46 views

[SECURITY] [DSA 3124-1] otrs2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3124-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2015 http://www.debian.org/security/faq -...

6CVSS2.5AI score0.01778EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/12/24 12:0 a.m.28 views

OTRS 3.2.x < 3.2.17, 3.3.x < 3.3.11, 4.x < 4.0.3 Help Desk Privilege Escalation Vulnerability (Dec 2014)

Open Ticket Request System OTRS Help Desk is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

6CVSS6.4AI score0.01778EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2014/12/16 12:0 a.m.30 views

otrs -- Incomplete Access Control

The OTRS project reports: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured...

6CVSS6.4AI score0.01778EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/05/24 12:0 a.m.40 views

RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities

Binary data 6841.prm...

6.8CVSS8.9AI score0.02428EPSS
Exploits0References10
NVD
NVD
added 2012/12/12 11:38 a.m.20 views

CVE-2012-4975

editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sysrequestid parameter...

4CVSS6.3AI score0.00842EPSS
Exploits1References2
Cvelist
Cvelist
added 2012/12/12 11:0 a.m.24 views

CVE-2012-4975

editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sysrequestid parameter...

6.3AI score0.00842EPSS
Exploits1References2
CVE
CVE
added 2012/12/12 11:0 a.m.48 views

CVE-2012-4975

CVE-2012-4975 affects Layton Helpbox 4.4.0. An authorization bypass exists on editrequestuser.asp: by changing the sys_request_id parameter, a remote authenticated attacker can access and modify other users’ support-ticket data, effectively logging in as another user and altering data. The descri...

4CVSS6.4AI score0.00842EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2012/01/14 12:0 a.m.6 views

PT-2012-2798 · Whmcs · Whmcs

Name of the Vulnerable Software and Affected Versions: WHMCS version 5.03 Description: The issue allows remote attackers to inject arbitrary code into a subject field via crafted ticket data in the submitticket.php file. Note that the vendor disputes this issue, stating that some details overlap...

5CVSS7.6AI score0.01022EPSS
Exploits1References5
OSV
OSV
added 2011/03/18 4:55 p.m.11 views

CVE-2010-4765

Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System OTRS before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets...

6.4AI score
Exploits0References2
Cvelist
Cvelist
added 2011/03/18 4:0 p.m.30 views

CVE-2010-4761

The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...

5.7AI score0.01289EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/10/20 5:0 p.m.18 views

CVE-2006-5428

rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a displaygetrequesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information ticket data via a direct request...

6.3AI score0.02707EPSS
Exploits0References5
exploitpack
exploitpack
added 2006/10/18 12:0 a.m.17 views

Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access

Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access source: https://www.securityfocus.com/bid/20598/info Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. A workaround is...

0.8AI score
Exploits0
Rows per page
Query Builder