
CVE-2011-1686
https://notcve.org/view.php?id=CVE-2011-1686
22 Apr 2011 — Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. • http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-1687
https://notcve.org/view.php?id=CVE-2011-1687
22 Apr 2011 — Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords. • http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2011-1688
https://notcve.org/view.php?id=CVE-2011-1688
22 Apr 2011 — Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. • http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2011-1689
https://notcve.org/view.php?id=CVE-2011-1689
22 Apr 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-0009
https://notcve.org/view.php?id=CVE-2011-0009
25 Jan 2011 — Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 • CWE-310: Cryptographic Issues