Page 2 of 21 results (0.001 seconds)

CVSS: 4.0EPSS: 0%CPEs: 170EXPL: 0

Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account. Best Practical Solutions RT 3.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 permiten a usuarios autenticados remotos leer (1) hashes de contraseñas previas e (2) historial de correspondencia de tickets utilizando el acceso a una cuenta privilegiada. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 6%CPEs: 86EXPL: 0

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093. Best Practical Solutions RT 3.6.x, 3.7.x, 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6, si las opciones VERPPrefix y VERPDomain están habilitadas, permiten a atacantes remotos ejecutar código arbitrario a través de vectores sin especificar. Una vulnerabilidad distinta a la CVE-2011-5092 y CVE-2011-5093. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 170EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v3.x anteriores a v3.8.12 y v4.x anteriores a v4.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 196EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Best Practical Solutions RT anteriores a 3.8.12 y 4.x anteriores a 4.0.6. Permiten a usuarios remotos secuestrar (hijack) la autenticación de usuarios arbitrarios. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 79EXPL: 0

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. Múltiples vulnerabilidades de inyección SQL en Best Practical Solutions RT v2.0.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7 permiten a usuarios remotos autenticados ejecutar comandos SQL a través de vectores no especificados, como se demostró mediante la lectura de datos. • http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html http://secunia.com/advisories/44189 http://www.debian.org/security/2011/dsa-2220 http://www.securityfocus.com/bid/47383 http://www.vupen.com/english/advisories/2011/1071 https://bugzilla.red • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •