22 matches found
CVE-2019-20221
CVE-2019-20221 affects Support Incident Tracker (SiT!) version 3.67. The vulnerability is a Cross-Site Scripting (XSS) in the “Load Plugins” input on the config.php page, with the payload potentially executed on pages such as about.php. Multiple sources corroborate the issue across CVE records an...
CVE-2019-20220
The CVE-2019-20220 entry concerns Support Incident Tracker (SiT!) version 3.67. A cross-site scripting (XSS) flaw is located in the search_id parameter of the search_incidents_advanced.php page, arising from insufficient validation of user-supplied data. Documented impact is client-side code exec...
CVE-2019-20223
CVE-2019-20223 is an XSS flaw in Support Incident Tracker (SiT!) 3.67 where the id parameter is reflected across endpoints that use it. Red Hat’s advisory reiterates the XSS in SiT! 3.67, tied to CVE-2012-2235, with no details on patches within the provided documents. The OpenVAS entry references...
CVE-2019-20222
The CVE-2019-20222 entry affects Support Incident Tracker (SiT!) version 3.67, where the Short Application Name and Application Name fields in the config.php page are vulnerable to cross-site scripting (XSS). Multiple connected sources (NVD entry and Red Hat security advisory) confirm the issue a...
CVE-2011-3833
CVE-2011-3833 affects Support Incident Tracker (SiT!) 3.65, with an Unrestricted file upload in ftp_upload_file.php. The root cause is that remote authenticated users can upload a PHP file and access it via a direct request to that file in an unspecified directory, enabling arbitrary code executi...
CVE-2011-5074
CVE-2011-5074 refers to multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (SiT!)
CVE-2011-3829
CVE-2011-3829 affects Support Incident Tracker (SiT!)
CVE-2011-5067
CVE-2011-5067 affects Support Incident Tracker (SiT!) 3.65. The vulnerability is in the move_uploaded_file.php component, where remote authenticated users can disclose the installation path by an error message that includes the file name. The documented impact is partial information disclosure; n...
CVE-2011-5069
CVE-2011-5069 is an Unrestricted file upload vulnerability in Support Incident Tracker (SiT!) 3.65, specifically in incident_attachments.php. The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct r...
CVE-2011-3832
SiT! (Support Incident Tracker) 3.65 is affected by an eval/code-injection vulnerability in config.php. The issue allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter during a save action, due to the use of an eval-like construct in evaluatin...
CVE-2011-5072
Support Incident Tracker (SiT!)
CVE-2012-2235
SiT! (Support Incident Tracker) is affected by a cross-site scripting (XSS) vulnerability in versions up to 3.65, triggered by the id parameter passed to index.php. The issue arises because the parameter is processed in an error message without proper sanitization, enabling remote attackers to in...
CVE-2010-1596
CVE-2010-1596 affects Support Incident Tracker (SiT!) prior to version 3.51. When LDAP authentication uses anonymous binds, remote attackers can bypass authentication by supplying an empty password. Exploitation details are supported by multiple sources in the connected docs, including OpenVAS an...
CVE-2011-5071
Support Incident Tracker (SiT!) is affected by multiple SQL injection vulnerabilities in versions prior to 3.64 (and cited remotely as SiT!
CVE-2011-3830
CVE-2011-3830 affects Support Incident Tracker (SiT!) 3.65, where an XSS flaw exists in search.php via the search_string parameter, enabling remote injection of arbitrary script/HTML. Root cause is insufficient input validation on the search_string field, as reported in the NVD entry. Exploitatio...
CVE-2011-3831
CVE-2011-3831 affects Support Incident Tracker (SiT!) 3.65. The vulnerability is an SQL injection in incident_attachments.php that allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name. This is documented across multiple sources (NVD/NVD listing, ...
CVE-2011-4337
The CVE affects Support Incident Tracker (SiT!) versions 3.45–3.65, where translate.php contains a static code injection flaw. An attacker can supply a crafted lang parameter to inject arbitrary PHP code into an executable language file within the i18n directory. The provided documents do not spe...
CVE-2011-5073
CVE-2011-5073 affects Support Incident Tracker (SiT!) prior to 3.65. It contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary HTML/JavaScript via numerous parameters (e.g., mode, contractid, user, id, Referer, startdate/enddate, etc.) and cer...
CVE-2011-5075
CVE-2011-5075 affects Support Incident Tracker SiT! versions 3.45–3.65. The flaw is an information-disclosure via translate.php (save action) that allows remote attackers to reveal the installation path. Connected sources corroborate an installation-path exposure; OpenVAS and RH advisories note b...
CVE-2011-5070
CVE-2011-5070: Several XSS vulnerabilities in Support Incident Tracker (SiT!) 3.65 allow remote attackers to inject arbitrary web script/HTML via (1) incident_attachments.php file name, (2) vectors in link_add.php (origref, linkref, linktype) or the redirect parameter in html_redirect, and (3) tr...
CVE-2007-5635
Technical details for CVE-2007-5635 are not publicly available in the provided documents. The materials list multiple unspecified vulnerabilities with unknown impact and vectors; no concrete affected products, versions, or fixes are disclosed here. Monitor for updates.
CVE-2011-5068
CVE-2011-5068 affects Support Incident Tracker (SiT!) version 3.65, with multiple CSRF vulnerabilities that allow remote attackers to hijack a user’s authenticated session for actions such as deleting a user via user_delete.php and other unspecified programs. The connected documents confirm the v...