56 matches found
Design/Logic Flaw
RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...
CVE-2015-1165
RT aka Request Tracker 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors...
CVE-2015-1165
CVE-2015-1165 affects RT (Request Tracker) 3.8.8 through RT 4.x up to 4.0.23 and 4.2.x up to 4.2.10, enabling remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. The connected advisories/documents indicate multiple vendors released security updates to addre...
MGASA-2015-0031 Updated otrs package fixes CVE-2014-9324
Updated otrs package fixes security vulnerability: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured CVE-2014-9324...
[SECURITY] [DSA 3124-1] otrs2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3124-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2015 http://www.debian.org/security/faq -...
OTRS 3.2.x < 3.2.17, 3.3.x < 3.3.11, 4.x < 4.0.3 Help Desk Privilege Escalation Vulnerability (Dec 2014)
Open Ticket Request System OTRS Help Desk is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
otrs -- Incomplete Access Control
The OTRS project reports: An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured...
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
Binary data 6841.prm...
CVE-2012-4975
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sysrequestid parameter...
CVE-2012-4975
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sysrequestid parameter...
CVE-2012-4975
CVE-2012-4975 affects Layton Helpbox 4.4.0. An authorization bypass exists on editrequestuser.asp: by changing the sys_request_id parameter, a remote authenticated attacker can access and modify other users’ support-ticket data, effectively logging in as another user and altering data. The descri...
PT-2012-2798 · Whmcs · Whmcs
Name of the Vulnerable Software and Affected Versions: WHMCS version 5.03 Description: The issue allows remote attackers to inject arbitrary code into a subject field via crafted ticket data in the submitticket.php file. Note that the vendor disputes this issue, stating that some details overlap...
CVE-2010-4765
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System OTRS before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets...
CVE-2010-4761
The customer-interface ticket-print dialog in Open Ticket Request System OTRS before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the 1 responsible, 2 owner, 3 accounted time, 4 pending until...
CVE-2006-5428
rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a displaygetrequesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information ticket data via a direct request...
Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access
Cerberus Helpdesk 3.2.1 - Rpc.php Unauthorized Access source: https://www.securityfocus.com/bid/20598/info Cerberus Helpdesk is prone to an unauthorized-access vulnerability because the application fails to authenticate users properly, resulting in an improper-access validation. A workaround is...