36 matches found
CVE-2011-2082
CVE-2011-2082 affects Best Practical Solutions RT: vulnerable-passwords script in RT 3.x < 3.8.12 and RT 4.x
CVE-2013-3370
CVE-2013-3370 affects Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13. The flaw is failure to properly restrict access to private callback components, allowing remote attackers to trigger an unspecified impact via a direct request. The connected documents consistently describ...
CVE-2011-0009
CVE-2011-0009 affects Best Practical Solutions RT 3.x (before 3.8.9rc2) and RT 4.x (before 4.0.0rc4), where password hashes used MD5, enabling context-dependent attackers to brute-force the database and recover cleartext passwords. DebRAN/Debian advisories note an incomplete fix in CVE-2011-0009 ...
CVE-2013-3371
CVE-2013-3371 is an XSS vulnerability in Request Tracker (RT) affecting RT 3.8.3–3.8.16 and RT 4.0.x before 4.0.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment. Connected documents corroborate the affected versions and the XSS...
CVE-2013-5587
CVE-2013-5587 applies to RT 4.x before 4.0.13, where, when the MakeClicky feature is configured, an attacker can inject arbitrary web script or HTML through a URL in a ticket. This vulnerability is explicitly split from CVE-2013-3371 due to differences in affected versions. Public details in the ...
CVE-2011-2085
CVE-2011-2085 affects Best Practical Solutions RT, with CSRF vulnerabilities that could hijack user sessions. Affected are RT 3.x before 3.8.12 and RT 4.x before 4.0.6. The advisory details multiple issues—CSRF in particular allows remote attackers to impersonate legitimate users. The connected d...
CVE-2013-3368
The CVE-2013-3368 entry concerns RT (Request Tracker) where bin/rt in RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name. Connected documents reiterate this exact description across multip...
CVE-2009-3585
CVE-2009-3585 concerns a session fixation vulnerability in Best Practical Solutions RT 3.0.0–3.6.9 and 3.8.x–3.8.5, in the SetupSessionCookie flow (html/Elements/SetupSessionCookie). The underlying issue allows remote attackers to hijack a user’s web session by manipulating the session identifier...
CVE-2011-1689
CVE-2011-1689 affects Best Practical Solutions RT (2.x–4.0.0rc7), with multiple XSS vulnerabilities allowing remote script injection via unspecified vectors. Public sources confirm RT is vulnerable across listed versions; Debian advisory notes fixes in RT 3.8.x branch (e.g., 3.8.8–7+squeeze1, 3.8...
CVE-2011-2083
The CVE-2011-2083 entry concerns Best Practical Solutions RT. It affects RT 3.x before 3.8.12 and RT 4.x before 4.0.6, where multiple cross-site scripting (XSS) vulnerabilities could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected records corro...
CVE-2013-3372
RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 are affected by a vulnerability that allows remote attackers to inject multiple Content-Disposition HTTP headers, potentially enabling cross-site scripting (XSS) via unspecified vectors. Affected products/versions should be upgraded to fixed releases...
CVE-2011-4458
The CVE-2011-4458 entry affects Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and RT 4.x before 4.0.6. When VERPPrefix and VERPDomain options are enabled, this permits remote code execution via unspecified vectors. Affected versions: RT 3.6.x/3.7.x/3.8.x prior to 3.8.12 and RT...
CVE-2011-4460
The CVE-2011-4460 entry concerns a SQL injection vulnerability in Best Practical Solutions RT versions 2.x and 3.x prior to 3.8.12 and 4.x prior to 4.0.6. The issue allows a remote authenticated attacker, with access to a privileged account, to execute arbitrary SQL commands on the back-end datab...
CVE-2012-4732
CVE-2012-4732: A cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, lets remote attackers hijack user authentication to perform actions that toggle ticket bookmarks. Affected product: Request Tracke...
CVE-2013-3373
CVE-2013-3373: CRLF/header injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a MIME header. Affected RT versions include 3.8.x (pre-3.8.17) and 4.0.x (pre-4.0...
CVE-2011-4459
CVE-2011-4459 affects Best Practical Solutions RT: 3.x before 3.8.12 and 4.x before 4.0.6. Root cause: groups are not properly disabled, allowing remote authenticated users to bypass intended access restrictions by leveraging a group membership. Impact: access restriction bypass in opportunistic ...
CVE-2011-5092
CVE-2011-5092 affects Best Practical Solutions RT 3.8.x prior to 3.8.12 and RT 4.x prior to 4.0.6. The vulnerability is described as an unspecified flaw that allows remote attackers to execute arbitrary code and gain privileges; a different issue from CVE-2011-4458 and CVE-2011-5093. The connecte...
CVE-2013-3369
CVE-2013-3369 affects Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13. The flaw allows remote authenticated users who have permission to view administration pages to execute arbitrary private components via unspecified vectors. The available connected sources corroborate the affe...
CVE-2011-1686
CVE-2011-1686 concerns multiple SQL injection vulnerabilities in Best Practical Solutions RT across RT 2.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0rc–4.0.0rc7, allowing remote authenticated users to run arbitrary SQL via unspecified vectors (data reading demonstrated). Concrete references in connected do...
CVE-2011-1687
CVE-2011-1687 affects Best Practical Solutions RT (Request Tracker). The vulnerability allows remote authenticated users to obtain sensitive information by using the search interface, demonstrated by retrieving encrypted passwords. Affected RT versions include 3.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0...
CVE-2012-4733
CVE-2012-4733 affects Request Tracker (RT) 4.x prior to 4.0.13. The issue is improper enforcement of the DeleteTicket and “custom lifecycle transition” permissions, allowing remote authenticated users who have the ModifyTicket permission to delete tickets via unspecified vectors. The connected...
CVE-2011-1007
CVE-2011-1007 affects Best Practical Solutions RT prior to 3.8.9. The issue is a login redirect flaw that allows a physically proximate attacker to reuse the back button after logout to access credentials or previous session data. The impact is a partial disclosure through session re-use on an un...
CVE-2013-3374
RT (Request Tracker) is affected by an unspecified vulnerability in the Apache::Session::File session store, impacting RT 3.8.x before 3.8.17 and RT 4.0.x before 4.0.13. The issue enables remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors related to...
CVE-2009-4151
CVE-2009-4151 describes a session fixation vulnerability in Best Practical Solutions RT, affecting RT 3.0.0–3.6.9 and RT 3.8.x up to 3.8.5. The issue arises in the SetupSessionCookie path where an attacker can influence the session identifier via HTTP access to the RT server, enabling potential s...
CVE-2011-1685
CVE-2011-1685 affects Best Practical RT (Request Tracker) versions 3.8.0–3.8.9 and 4.0.0rc–4.0.0rc7, where enabling CustomFieldValuesSources (external custom fields) allows remote authenticated users to execute arbitrary code via CSRF. The vulnerability arises from the external custom field featu...
CVE-2011-1688
CVE-2011-1688 affects Best Practical Solutions’ RT (Request Tracker). The OpenVAS entries and NVD record enumerate a directory traversal vulnerability exploitable via crafted HTTP requests that allows reading arbitrary files on RT installations. Affected versions include RT 3.2.0 up to 3.6.10, 3....
CVE-2012-4884
CVE-2012-4884 concerns Request Tracker (RT). The issue is an argument injection vulnerability in RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, related to the GnuPG client, which allows remote attackers to create arbitrary files via unspecified vectors. Affected software is the Best Practical Sol...
CVE-2011-2084
The CVE-2011-2084 entry concerns Best Practical Solutions RT 3.x < 3.8.12 and RT 4.x
CVE-2012-4730
CVE-2012-4730 affects Best Practical Solutions’ Request Tracker (RT), specifically versions 3.8.x before 3.8.15 and 4.0.x before 4.0.8. The public description in the connected sources states that remote authenticated users who have ModifySelf or AdminUser privileges can inject arbitrary email hea...
CVE-2012-4734
Request Tracker (RT) vulnerable versions: 3.8.x before 3.8.15 and 4.0.x before 4.0.8. Description: a remote attacker can bypass the CSRF warning via a crafted link to cause victims to modify arbitrary state (confused deputy). The sources confirm affected ranges and attack surface; exploitation sp...
CVE-2011-1690
Summary: CVE-2011-1690 affects Best Practical Solutions RT (Request Tracker) 3.6.0–3.6.10 and 3.8.0–3.8.8. It enables remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors (no exploit details provided in the sources). The vulnerability is categori...
CVE-2011-5093
CVE-2011-5093 affects Best Practical Solutions RT, 4.x prior to 4.0.6. The DisallowExecuteCode option is not properly implemented, allowing remote authenticated users to bypass access restrictions and execute arbitrary code via a privileged account. This is part of the RT multi-vulnerability set ...
CVE-2014-1474
CVE-2014-1474 is an algorithmic complexity DoS in Email::Address::List before 0.02 used by RT 4.2.0–4.2.2 (and referenced in multiple advisories). A remote attacker can exhaust CPU by sending a crafted string with no address, causing denial of service. The vulnerability affects RT 4.2.x deploymen...
CVE-2009-3892
The CVE-2009-3892 entry corresponds to a cross-site scripting (XSS) vulnerability in Best Practical Solutions RT (Request Tracker) releases in the 3.x line. Versions affected include RT 3.4.6–3.8.4, RT 3.6.x through 3.6.8, and RT 3.8.x through 3.8.4. The root cause is improper handling of input i...
CVE-2008-3502
CVE-2008-3502 affects Best Practical Solutions RT versions 3.0.0 through 3.6.6. The vulnerability is described as an unspecified issue related to the Perl Devel::StackTrace module that allows remote authenticated users to cause a denial of service via unspecified vectors, potentially consuming CP...
CVE-2011-1008
The CVE-2011-1008 entry concerns Best Practical Solutions’ Request Tracker (RT) prior to 3.8.9. A vulnerability in Scrips_Overlay.pm allows remote authenticated users to access sensitive information from a TicketObj after a CurrentUser change, with evidence of exposure via custom-field data tied ...