CVE-2013-3371
https://notcve.org/view.php?id=CVE-2013-3371
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment. Vulnerabilidad Cross-site scripting (XSS) en Request Tracker (RT) v3.8.3 hasta v3.8.16 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del nombre de archivo de datos adjuntos. • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://secunia.com/advisories/53505 http://secunia.com/advisories/53522 http://www.debian.org/security/2012/dsa-2670 http://www.osvdb.org/93608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3372
https://notcve.org/view.php?id=CVE-2013-3372
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors. Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar varias cabeceras HTTP Content-Disposition y, posiblemente, realizar ataques de cross-site scripting (XSS) a través de vectores no especificados. • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://secunia.com/advisories/53505 http://secunia.com/advisories/53522 http://www.debian.org/security/2012/dsa-2670 http://www.osvdb.org/93607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3373
https://notcve.org/view.php?id=CVE-2013-3373
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header. Vulnerabilidad de inyección CRLF en Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de división de respuesta HTTP a través de un encabezado MIME. • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://secunia.com/advisories/53505 http://secunia.com/advisories/53522 http://www.debian.org/security/2012/dsa-2670 http://www.osvdb.org/93606 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-3374
https://notcve.org/view.php?id=CVE-2013-3374
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use." Vulnerabilidad no especificada en Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13, cuando se utiliza el almacenamiento de sesiones Apache::Session::File, permite a atacantes remotos obtener información sensible (las preferencias del usuario y las memorias caché) a través de vectores desconocidos relacionados con una "reutilización de sesión limitada." • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://secunia.com/advisories/53505 http://secunia.com/advisories/53522 http://www.debian.org/security/2012/dsa-2670 http://www.osvdb.org/93605 •
CVE-2012-4730
https://notcve.org/view.php?id=CVE-2012-4730
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. equest Tracker (RT) v3.8.x antes de v3.8.15 y v4.0.x antes de v4.0.8 permite a usuarios remotos autenticados con ModifySelf o privilegios adminuser para inyectar cabeceras arbitrarias de correo electrónico y realizar ataques de phishing u obtener información sensible a través de vectores desconocidos. • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-264: Permissions, Privileges, and Access Controls •