36 matches found

added 2012/06/04 7:0 p.m. | 82 views

CVE-2011-2082

CVE-2011-2082 affects Best Practical Solutions RT: vulnerable-passwords script in RT 3.x < 3.8.12 and RT 4.x

CVSS 5 | AI score 6.2 | EPSS 0.01191

added 2013/08/23 4:0 p.m. | 78 views

CVE-2013-3370

CVE-2013-3370 affects Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13. The flaw is failure to properly restrict access to private callback components, allowing remote attackers to trigger an unspecified impact via a direct request. The connected documents consistently describ...

CVSS 6.8 | AI score 8.5 | EPSS 0.02322

added 2011/01/25 6:0 p.m. | 76 views

CVE-2011-0009

CVE-2011-0009 affects Best Practical Solutions RT 3.x (before 3.8.9rc2) and RT 4.x (before 4.0.0rc4), where password hashes used MD5, enabling context-dependent attackers to brute-force the database and recover cleartext passwords. DebRAN/Debian advisories note an incomplete fix in CVE-2011-0009 ...

CVSS 4.3 | AI score 6.3 | EPSS 0.01879

added 2013/08/23 4:0 p.m. | 73 views

CVE-2013-3371

CVE-2013-3371 is an XSS vulnerability in Request Tracker (RT) affecting RT 3.8.3–3.8.16 and RT 4.0.x before 4.0.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment. Connected documents corroborate the affected versions and the XSS...

CVSS 4.3 | AI score 7.2 | EPSS 0.02069

added 2013/08/23 4:0 p.m. | 69 views

CVE-2013-5587

CVE-2013-5587 applies to RT 4.x before 4.0.13, where, when the MakeClicky feature is configured, an attacker can inject arbitrary web script or HTML through a URL in a ticket. This vulnerability is explicitly split from CVE-2013-3371 due to differences in affected versions. Public details in the ...

CVSS 2.6 | AI score 7 | EPSS 0.01985

added 2012/06/04 7:0 p.m. | 67 views

CVE-2011-2085

CVE-2011-2085 affects Best Practical Solutions RT, with CSRF vulnerabilities that could hijack user sessions. Affected are RT 3.x before 3.8.12 and RT 4.x before 4.0.6. The advisory details multiple issues—CSRF in particular allows remote attackers to impersonate legitimate users. The connected d...

CVSS 6.8 | AI score 7.1 | EPSS 0.0107

added 2013/08/23 4:0 p.m. | 65 views

CVE-2013-3368

The CVE-2013-3368 entry concerns RT (Request Tracker) where bin/rt in RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name. Connected documents reiterate this exact description across multip...

CVSS 3.3 | AI score 8.1 | EPSS 0.00346

added 2009/12/02 4:0 p.m. | 63 views

CVE-2009-3585

CVE-2009-3585 concerns a session fixation vulnerability in Best Practical Solutions RT 3.0.0–3.6.9 and 3.8.x–3.8.5, in the SetupSessionCookie flow (html/Elements/SetupSessionCookie). The underlying issue allows remote attackers to hijack a user’s web session by manipulating the session identifier...

CVSS 5.8 | AI score 6.2 | EPSS 0.02745

added 2011/04/22 10:0 a.m. | 63 views

CVE-2011-1689

CVE-2011-1689 affects Best Practical Solutions RT (2.x–4.0.0rc7), with multiple XSS vulnerabilities allowing remote script injection via unspecified vectors. Public sources confirm RT is vulnerable across listed versions; Debian advisory notes fixes in RT 3.8.x branch (e.g., 3.8.8–7+squeeze1, 3.8...

CVSS 4.3 | AI score 5.6 | EPSS 0.02326

added 2012/06/04 7:0 p.m. | 63 views

CVE-2011-2083

The CVE-2011-2083 entry concerns Best Practical Solutions RT. It affects RT 3.x before 3.8.12 and RT 4.x before 4.0.6, where multiple cross-site scripting (XSS) vulnerabilities could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected records corro...

CVSS 4.3 | AI score 5.5 | EPSS 0.01848

added 2013/08/23 4:0 p.m. | 63 views

CVE-2013-3372

RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 are affected by a vulnerability that allows remote attackers to inject multiple Content-Disposition HTTP headers, potentially enabling cross-site scripting (XSS) via unspecified vectors. Affected products/versions should be upgraded to fixed releases...

CVSS 4.3 | AI score 7.8 | EPSS 0.0206

added 2012/06/04 7:0 p.m. | 62 views

CVE-2011-4458

The CVE-2011-4458 entry affects Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and RT 4.x before 4.0.6. When VERPPrefix and VERPDomain options are enabled, this permits remote code execution via unspecified vectors. Affected versions: RT 3.6.x/3.7.x/3.8.x prior to 3.8.12 and RT...

CVSS 6.8 | AI score 7.6 | EPSS 0.03101

added 2012/06/04 7:0 p.m. | 61 views

CVE-2011-4460

The CVE-2011-4460 entry concerns a SQL injection vulnerability in Best Practical Solutions RT versions 2.x and 3.x prior to 3.8.12 and 4.x prior to 4.0.6. The issue allows a remote authenticated attacker, with access to a privileged account, to execute arbitrary SQL commands on the back-end datab...

CVSS 6.5 | AI score 7.7 | EPSS 0.01774

added 2012/11/11 11:0 a.m. | 61 views

CVE-2012-4732

Vulnerability (CVE-2012-4732): A cross-site request forgery (CSRF) in Request Tracker (RT) versions 3.8.12 and earlier than 3.8.15, and 4.0.6 and earlier than 4.0.8, lets remote attackers hijack user authentication to perform actions that toggle ticket bookmarks. Affected product: Request Tracke...

CVSS 6.8 | AI score 6.9 | EPSS 0.00874

added 2013/08/23 4:0 p.m. | 61 views

CVE-2013-3373

CVE-2013-3373: CRLF/header injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a MIME header. Affected RT versions include 3.8.x (pre-3.8.17) and 4.0.x (pre-4.0...

CVSS 5 | AI score 8.3 | EPSS 0.02428

added 2012/06/04 7:0 p.m. | 59 views

CVE-2011-4459

CVE-2011-4459 affects Best Practical Solutions RT: 3.x before 3.8.12 and 4.x before 4.0.6. Root cause: groups are not properly disabled, allowing remote authenticated users to bypass intended access restrictions by leveraging a group membership. Impact: access restriction bypass in opportunistic ...

CVSS 3.5 | AI score 6 | EPSS 0.01017

added 2012/06/04 7:0 p.m. | 59 views

CVE-2011-5092

CVE-2011-5092 affects Best Practical Solutions RT 3.8.x prior to 3.8.12 and RT 4.x prior to 4.0.6. The vulnerability is described as an unspecified flaw that allows remote attackers to execute arbitrary code and gain privileges; a different issue from CVE-2011-4458 and CVE-2011-5093. The connecte...

CVSS 7.5 | AI score 7.8 | EPSS 0.02847

added 2013/08/23 4:0 p.m. | 59 views

CVE-2013-3369

CVE-2013-3369 affects Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13. The flaw allows remote authenticated users who have permission to view administration pages to execute arbitrary private components via unspecified vectors. The available connected sources corroborate the affe...

CVSS 6 | AI score 8.4 | EPSS 0.01234

added 2011/04/22 10:0 a.m. | 58 views

CVE-2011-1686

CVE-2011-1686 concerns multiple SQL injection vulnerabilities in Best Practical Solutions RT across RT 2.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0rc–4.0.0rc7, allowing remote authenticated users to run arbitrary SQL via unspecified vectors (data reading demonstrated). Concrete references in connected do...

CVSS 6.5 | AI score 8 | EPSS 0.01342

added 2011/04/22 10:0 a.m. | 58 views

CVE-2011-1687

CVE-2011-1687 affects Best Practical Solutions RT (Request Tracker). The vulnerability allows remote authenticated users to obtain sensitive information by using the search interface, demonstrated by retrieving encrypted passwords. Affected RT versions include 3.0.0–3.6.10, 3.8.0–3.8.9, and 4.0.0...

CVSS 4 | AI score 5.7 | EPSS 0.01445

added 2013/08/23 4:0 p.m. | 58 views

CVE-2012-4733

CVE-2012-4733 affects Request Tracker (RT) 4.x prior to 4.0.13. The issue is an improper enforcement of the DeleteTicket and “custom lifecycle transition” permissions, allowing remote authenticated users who have the ModifyTicket permission to delete tickets via unspecified vectors. The connected...

CVSS 6 | AI score 8.1 | EPSS 0.01634

added 2011/02/28 3:0 p.m. | 57 views

CVE-2011-1007

CVE-2011-1007 affects Best Practical Solutions RT prior to 3.8.9. The issue is a login redirect flaw that allows a physically proximate attacker to reuse the back button after logout to access credentials or previous session data. The impact is a partial disclosure through session re-use on an un...

CVSS 2.1 | AI score 6.5 | EPSS 0.00397

added 2013/08/23 4:0 p.m. | 57 views

CVE-2013-3374

RT (Request Tracker) is affected by an unspecified vulnerability in the Apache::Session::File session store, impacting RT 3.8.x before 3.8.17 and RT 4.0.x before 4.0.13. The issue enables remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors related to...

CVSS 4.3 | AI score 8.2 | EPSS 0.01405

added 2009/12/02 4:0 p.m. | 56 views

CVE-2009-4151

CVE-2009-4151 describes a session fixation vulnerability in Best Practical Solutions RT, affecting RT 3.0.0–3.6.9 and RT 3.8.x up to 3.8.5. The issue arises in the SetupSessionCookie path where an attacker can influence the session identifier via HTTP access to the RT server, enabling potential s...

CVSS 5.8 | AI score 6.4 | EPSS 0.01838

added 2011/04/22 10:0 a.m. | 56 views

CVE-2011-1685

CVE-2011-1685 affects Best Practical RT (Request Tracker) versions 3.8.0–3.8.9 and 4.0.0rc–4.0.0rc7, where enabling CustomFieldValuesSources (external custom fields) allows remote authenticated users to execute arbitrary code via CSRF. The vulnerability arises from the external custom field featu...

CVSS 4.6 | AI score 7.4 | EPSS 0.01116

added 2011/04/22 10:0 a.m. | 56 views

CVE-2011-1688

CVE-2011-1688 affects Best Practical Solutions’ RT (Request Tracker). The OpenVAS entries and NVD record enumerate a directory traversal vulnerability exploitable via crafted HTTP requests that allows reading arbitrary files on RT installations. Affected versions include RT 3.2.0 up to 3.6.10, 3....

CVSS 4.3 | AI score 6.4 | EPSS 0.03782

added 2012/11/11 11:0 a.m. | 56 views

CVE-2012-4884

CVE-2012-4884 concerns Request Tracker (RT). The issue is an argument injection vulnerability in RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, related to the GnuPG client, which allows remote attackers to create arbitrary files via unspecified vectors. Affected software is the Best Practical Sol...

CVSS 5 | AI score 6.8 | EPSS 0.0157

added 2012/06/04 7:0 p.m. | 55 views

CVE-2011-2084

The CVE-2011-2084 entry concerns Best Practical Solutions RT 3.x < 3.8.12 and RT 4.x

CVSS 4 | AI score 5.9 | EPSS 0.01674

added 2012/11/11 11:0 a.m. | 55 views

CVE-2012-4730

CVE-2012-4730 affects Best Practical Solutions’ Request Tracker (RT), specifically versions 3.8.x before 3.8.15 and 4.0.x before 4.0.8. The public description in the connected sources states that remote authenticated users who have ModifySelf or AdminUser privileges can inject arbitrary email hea...

CVSS 3.5 | AI score 5.9 | EPSS 0.01269

added 2012/11/11 11:0 a.m. | 54 views

CVE-2012-4734

Request Tracker (RT) vulnerable versions: 3.8.x before 3.8.15 and 4.0.x before 4.0.8. Description: a remote attacker can bypass the CSRF warning via a crafted link to cause victims to modify arbitrary state (confused deputy). The sources confirm affected ranges and attack surface; exploitation sp...

CVSS 5 | AI score 6.6 | EPSS 0.01822

added 2011/04/22 10:0 a.m. | 52 views

CVE-2011-1690

Summary: CVE-2011-1690 affects Best Practical Solutions RT (Request Tracker) 3.6.0–3.6.10 and 3.8.0–3.8.8. It enables remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors (no exploit details provided in the sources). The vulnerability is categori...

CVSS 4.3 | AI score 6.7 | EPSS 0.02364

added 2012/06/04 7:0 p.m. | 52 views

CVE-2011-5093

CVE-2011-5093 affects Best Practical Solutions RT, 4.x prior to 4.0.6. The DisallowExecuteCode option is not properly implemented, allowing remote authenticated users to bypass access restrictions and execute arbitrary code via a privileged account. This is part of the RT multi-vulnerability set ...

CVSS 6.5 | AI score 7 | EPSS 0.02087

added 2014/07/15 2:0 p.m. | 50 views

CVE-2014-1474

CVE-2014-1474 is an algorithmic complexity DoS in Email::Address::List before 0.02 used by RT 4.2.0–4.2.2 (and referenced in multiple advisories). A remote attacker can exhaust CPU by sending a crafted string with no address, causing denial of service. The vulnerability affects RT 4.2.x deploymen...

CVSS 5 | AI score 6.5 | EPSS 0.02427

added 2009/11/17 6:0 p.m. | 49 views

CVE-2009-3892

The CVE-2009-3892 entry corresponds to a cross-site scripting (XSS) vulnerability in Best Practical Solutions RT (Request Tracker) releases in the 3.x line. Versions affected include RT 3.4.6–3.8.4, RT 3.6.x through 3.6.8, and RT 3.8.x through 3.8.4. The root cause is improper handling of input i...

CVSS 4.3 | AI score 5.8 | EPSS 0.01083

added 2008/08/06 6:0 p.m. | 45 views

CVE-2008-3502

CVE-2008-3502 affects Best Practical Solutions RT versions 3.0.0 through 3.6.6. The vulnerability is described as an unspecified issue related to the Perl Devel::StackTrace module that allows remote authenticated users to cause a denial of service via unspecified vectors, potentially consuming CP...

CVSS 4 | AI score 6.3 | EPSS 0.01116

added 2011/02/28 3:0 p.m. | 44 views

CVE-2011-1008

The CVE-2011-1008 entry concerns Best Practical Solutions’ Request Tracker (RT) prior to 3.8.9. A vulnerability in Scrips_Overlay.pm allows remote authenticated users to access sensitive information from a TicketObj after a CurrentUser change, with evidence of exposure via custom-field data tied ...

CVSS 4 | AI score 6.3 | EPSS 0.01533