
CVSS: 5.3 • EPSS: 0% • CPEs: 17 • EXPL: 0

24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address. • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-310: Cryptographic Issues

CVSS: 9.1 • EPSS: 0% • CPEs: 17 • EXPL: 0

24 Jul 2013 — Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege. • http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 2% • CPEs: 24 • EXPL: 3

10 May 2013 — SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims." • https://www.exploit-db.com/exploits/38459 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 12 • EXPL: 0

15 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 May 2006 — RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. • http://pridels0.blogspot.com/2006/04/rt-request-tracker-vuln.html

CVSS: 6.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

09 May 2003 — Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies. • http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html