264661
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-5055
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264662
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrict…
|
CWE-20
Improper Input Validation
|
CVE-2009-5056
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264663
|
- |
|
otrs
|
otrs
|
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to dec…
|
CWE-310
Cryptographic Issues
|
CVE-2009-5057
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264664
|
- |
|
otrs
|
otrs
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTic…
|
CWE-79
Cross-site Scripting
|
CVE-2008-7275
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264665
|
- |
|
otrs
|
otrs
|
Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restricti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7276
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264666
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authe…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7277
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264667
|
- |
|
otrs
|
otrs
|
The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easi…
|
CWE-20
Improper Input Validation
|
CVE-2008-7278
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264668
|
- |
|
otrs
|
otrs
|
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2008-7279
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264669
|
- |
|
otrs
|
otrs
|
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote…
|
CWE-20
Improper Input Validation
|
CVE-2008-7280
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
264670
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-…
|
CWE-200
Information Exposure
|
CVE-2008-7281
|
2011-03-22 13:00 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|