CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-3736
https://notcve.org/view.php?id=CVE-2013-3736
05 May 2014 — Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the name of an attached file. Vulnerabilidad de XSS en la extensión MobileUI (también conocido como RT-Extension-MobileUI) anterior a 1.04 en Request Tracker (RT) 4.0.0 anterior a 4.0.13 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del nombre de un archivo adjunt... • http://lists.bestpractical.com/pipermail/rt-announce/2013-June/000230.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-5587
https://notcve.org/view.php?id=CVE-2013-5587
23 Aug 2013 — Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions. Vulnerabilidad Cross-site scripting (XSS) en Request Tracker (RT) v4.x anterior a v4.0.13, cuando se configura MakeClicky, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través una URL e... • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6578
https://notcve.org/view.php?id=CVE-2012-6578
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado con "Sing by defaul" (firmar por defecto), utiliza una cola de claves para firmar que podría permitir a atacantes remotos suplanta... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6579
https://notcve.org/view.php?id=CVE-2012-6579
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos configurar el cifrado o firmado para determinados correos salientes, y posiblement... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6580
https://notcve.org/view.php?id=CVE-2012-6580
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, no se asegura que las etiquetas UI descifradas se encuentren en... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6581
https://notcve.org/view.php?id=CVE-2012-6581
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos evitar las restricciones de acceso establecidas mediante la l... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 77EXPL: 0CVE-2013-3368 – Debian Security Advisory 2671-1
https://notcve.org/view.php?id=CVE-2013-3368
23 May 2013 — bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. bin/rt en Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a los usuarios locales sobreescribir archivos arbitrarios a través de un ataque de enlaces simbólicos en un archivo temporal con nombre predecible. Multiple vulnerabilities have been discovered in Request Tracker, an extensible trou... • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.1EPSS: 0%CPEs: 77EXPL: 0CVE-2013-3369 – Debian Security Advisory 2671-1
https://notcve.org/view.php?id=CVE-2013-3369
23 May 2013 — Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors. Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a los usuarios remotos autenticados con los permisos para ver las páginas de administración para ejecutar a su elección los componentes privados a través de vectores no especificados. Multiple vulnerabilities ha... • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html •
CVSS: 9.8EPSS: 1%CPEs: 77EXPL: 0CVE-2013-3370 – Debian Security Advisory 2671-1
https://notcve.org/view.php?id=CVE-2013-3370
23 May 2013 — Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 no restringe adecuadamente el acceso a los componentes de devolución de llamada privados, lo que permite a atacantes remotos tienen un impacto no especificado a través de una petición directa. Multiple vulnerabilities have b... • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 77EXPL: 0CVE-2013-3371 – Debian Security Advisory 2671-1
https://notcve.org/view.php?id=CVE-2013-3371
23 May 2013 — Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment. Vulnerabilidad Cross-site scripting (XSS) en Request Tracker (RT) v3.8.3 hasta v3.8.16 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del nombre de archivo de datos adjuntos. Multiple vulnerabilities have been discovered in Request Tracker, an... • http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •