CVSS: 6.5EPSS: 0%CPEs: 74EXPL: 0CVE-2008-7277
https://notcve.org/view.php?id=CVE-2008-7277
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets. Open Ticket Request System (OTRS) anteriores a v2.3.0-beta4 comprueba los permisos rw, en lugar de configurar el permiso de unión, durante el proceso de autorización de operaciones de combinación, lo que podría permitir a usuarios remo... • http://bugs.otrs.org/show_bug.cgi?id=3045 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 66EXPL: 0CVE-2008-7278
https://notcve.org/view.php?id=CVE-2008-7278
18 Mar 2011 — The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. La función S/MIME en Open Ticket Request System (OTRS) anterior a v2.2.5, y v2.3.x anteriores a v2.3.0-beta1, no configura correctamen... • http://bugs.otrs.org/show_bug.cgi?id=2539 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 69EXPL: 0CVE-2008-7279
https://notcve.org/view.php?id=CVE-2008-7279
18 Mar 2011 — The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. El componente CustomerInterface en Open Ticket Request System (OTRS) anterior a v2.2.8 permite a usuarios remotos autenticados eludir las restricciones de acceso impuestas y los tickets clientes arbitrarios a través de vectores no especificados. • http://bugs.otrs.org/show_bug.cgi?id=3103 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2008-7280
https://notcve.org/view.php?id=CVE-2008-7280
18 Mar 2011 — Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message. Kernel/System/EmailParser.pm en PostmasterPOP3.pl en Open Ticket Request System (OTRS) anterior a v2.2.7 no controla correctamente los mensajes de correo electrónico con caracteres UTF-8 incorrectos, lo que permite a atacant... • http://bugs.otrs.org/show_bug.cgi?id=2934 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 68EXPL: 0CVE-2008-7281
https://notcve.org/view.php?id=CVE-2008-7281
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field. Open Ticket Request System (OTRS) anteriores a v2.2.7 envía correos electrónicos que contienen un campo cabecera Bcc que lista los destinatarios de la BCC (copia carbón blindada) lo que permite a atacantes remotos obtener direcciones de correo sensibles leyendo est... • http://bugs.otrs.org/show_bug.cgi?id=1882 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 67EXPL: 0CVE-2008-7282
https://notcve.org/view.php?id=CVE-2008-7282
18 Mar 2011 — Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors. Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm en Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando las opciones CustomerPanelOwn... • http://bugs.otrs.org/show_bug.cgi?id=2696 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 67EXPL: 0CVE-2008-7283
https://notcve.org/view.php?id=CVE-2008-7283
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions. Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando el grupo de atención al cliente está habilitada, permite a usuarios remotos autenticados eludir restricciones de acceso y realizar actualizaciones de la interfaz web a los tickets mediante el aprovechamient... • http://bugs.otrs.org/show_bug.cgi?id=2544 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2011-1433
https://notcve.org/view.php?id=CVE-2011-1433
18 Mar 2011 — The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. Los componentes (1) AgentInterface y (2) CustomerInterface en Open Ticket Request System (OTRS) anterior a v3.0.6 coloca las credenciales sin cifrar en los datos de sesión en la base de datos, lo que hac... • http://bugs.otrs.org/show_bug.cgi?id=6878 • CWE-310: Cryptographic Issues •
CVSS: 3.5EPSS: 0%CPEs: 91EXPL: 1CVE-2009-5055
https://notcve.org/view.php?id=CVE-2009-5055
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. Open Ticket Request System (OTRS) anteriores a v2.4.4 permite el acceso a las subcadenas básicas de un dígito si... • http://bugs.otrs.org/show_bug.cgi?id=4105 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 83EXPL: 1CVE-2009-5056
https://notcve.org/view.php?id=CVE-2009-5056
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. Open Ticket Request System (OTRS) anteriores a v2.4.0-beta2 no hace cumplir de forma correcta la configuración del permiso move_into para una cola, lo que permite a usuarios remotos autenticados eludir la... • http://bugs.otrs.org/show_bug.cgi?id=3583 • CWE-20: Improper Input Validation •