
CVE-2011-2385
https://notcve.org/view.php?id=CVE-2011-2385
19 Jul 2011 — The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. • http://osvdb.org/73885 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-1518
https://notcve.org/view.php?id=CVE-2011-1518
18 Apr 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-7277
https://notcve.org/view.php?id=CVE-2008-7277
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets. • http://bugs.otrs.org/show_bug.cgi?id=3045 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2010-4768
https://notcve.org/view.php?id=CVE-2010-4768
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions. • http://bugs.otrs.org/show_bug.cgi?id=3499 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-5057
https://notcve.org/view.php?id=CVE-2009-5057
18 Mar 2011 — The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. • http://bugs.otrs.org/show_bug.cgi?id=3462 • CWE-310: Cryptographic Issues

CVE-2008-7279
https://notcve.org/view.php?id=CVE-2008-7279
18 Mar 2011 — The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. • http://bugs.otrs.org/show_bug.cgi?id=3103 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-5055
https://notcve.org/view.php?id=CVE-2009-5055
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. • http://bugs.otrs.org/show_bug.cgi?id=4105 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-7275
https://notcve.org/view.php?id=CVE-2008-7275
18 Mar 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView. • http://bugs.otrs.org/show_bug.cgi?id=3287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-7278
https://notcve.org/view.php?id=CVE-2008-7278
18 Mar 2011 — The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. • http://bugs.otrs.org/show_bug.cgi?id=2539 • CWE-20: Improper Input Validation

CVE-2010-4760
https://notcve.org/view.php?id=CVE-2010-4760
18 Mar 2011 — Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. • http://bugs.otrs.org/show_bug.cgi?id=5975 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor