CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6578
https://notcve.org/view.php?id=CVE-2012-6578
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado con "Sing by defaul" (firmar por defecto), utiliza una cola de claves para firmar que podría permitir a atacantes remotos suplanta... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6579
https://notcve.org/view.php?id=CVE-2012-6579
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos configurar el cifrado o firmado para determinados correos salientes, y posiblement... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6580
https://notcve.org/view.php?id=CVE-2012-6580
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, no se asegura que las etiquetas UI descifradas se encuentren en... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-6581
https://notcve.org/view.php?id=CVE-2012-6581
24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege. Best Practical Solutions RT 3.8.x anterior a 3.8.15 y 4.0.x anterior a 4.0.8, cuando GnuPG está activado, permite a atacantes remotos evitar las restricciones de acceso establecidas mediante la l... • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 3CVE-2013-3525 – Request Tracker - 'ShowPending' SQL Injection
https://notcve.org/view.php?id=CVE-2013-3525
10 May 2013 — SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims. ** DISPUTADA ** Vulnerabilidad de inyección SQL en Approvals/ en Request Tracker (RT) 4.0.10 y anteri... • https://www.exploit-db.com/exploits/38459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •