14 matches found
EUVD-2014-9149
Malware in sbrugna...
EUVD-2012-4899
Malware in sbrugna...
EUVD-2023-23408
Malicious code in bioql PyPI...
CVE-2024-12123 Unauthorized Modification of Ticket Requester
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the...
CVE-2023-1125 Ruby Help Desk < 1.3.4 - Subscriber+ Ticket Update via IDOR
The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...
PT-2023-16773 · WordPress · Ruby Help Desk
Name of the Vulnerable Software and Affected Versions: Ruby Help Desk WordPress plugin versions prior to 1.3.4. Description: The issue allows an attacker to close and/or add files and replies to tickets other than their own, as the plugin does not ensure that the ticket being modified belongs to t...
CVE-2020-11466
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in the database with numerous filters. This leaked sensitive information to unauthoriz...
DEBIAN-CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
Code injection
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...
CVE-2010-5108
The provided connected documents confirm a concrete vulnerability: Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. The root cause is an improper permission check during workflow transitions, which could let an attacker change a ticket’s status and resolution wi...
CVE-2014-9324
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors...
CVE-2014-9324
CVE-2014-9324 affects OTRS Help Desk: GenericInterface access-control problems allow remote authenticated users to access and modify ticket data. Affected versions are OTRS 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3. Consequences include unauthorized ticket data access/manip...
CVE-2003-0303
SQL injection vulnerability in one||zero aka One or Zero Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter...