CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6579
https://notcve.org/view.php?id=CVE-2012-6579
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos configurar el cifrado o firmado para determinados correos salientes, y posiblement... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6581
https://notcve.org/view.php?id=CVE-2012-6581
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos evitar las restricciones de acceso establecidas mediante la l... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6580
https://notcve.org/view.php?id=CVE-2012-6580
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, no se asegura que las etiquetas UI descifradas se encuentren en... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 3CVE-2013-3525 – Request Tracker - 'ShowPending' SQL Injection
https://notcve.org/view.php?id=CVE-2013-3525
10 May 2013 — SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims. ** DISPUTADA ** Vulnerabilidad de inyección SQL en Approvals/ en Request Tracker (RT) 4.0.10 y anteri... • https://www.exploit-db.com/exploits/38459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •