CVE-2010-0605 – osTicket 1.6 RC5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0605
11 Feb 2010 — SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. • https://www.exploit-db.com/exploits/11380 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0606
https://notcve.org/view.php?id=CVE-2010-0606
11 Feb 2010 — Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. • http://osticket.com/forums/project.php?issueid=176 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2361 – osTicket 1.6 RC4 - Admin Login Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2361
08 Jul 2009 — SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. • https://www.exploit-db.com/exploits/9032 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6733 – osTicket 1.2/1.3 Support Cards - 'view.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6733
26 Dec 2006 — Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. • https://www.exploit-db.com/exploits/29298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5407
https://notcve.org/view.php?id=CVE-2006-5407
19 Oct 2006 — PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. • http://securityreason.com/securityalert/1745
CVE-2005-2153
https://notcve.org/view.php?id=CVE-2005-2153
06 Jul 2005 — SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. • http://seclists.org/lists/bugtraq/2005/Jul/0009.html
CVE-2005-2154 – osTicket 1.2/1.3 - 'view.php?inc' Arbitrary Local File Inclusion
https://notcve.org/view.php?id=CVE-2005-2154
06 Jul 2005 — PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. • https://www.exploit-db.com/exploits/25926
CVE-2005-1436
https://notcve.org/view.php?id=CVE-2005-1436
03 May 2005 — Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. • http://secunia.com/advisories/15216
CVE-2005-1437
https://notcve.org/view.php?id=CVE-2005-1437
03 May 2005 — Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php. • http://secunia.com/advisories/15216
CVE-2005-1438
https://notcve.org/view.php?id=CVE-2005-1438
03 May 2005 — PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. • http://secunia.com/advisories/15216