CVSS: 6.5EPSS: 0%CPEs: 67EXPL: 0CVE-2008-7282
https://notcve.org/view.php?id=CVE-2008-7282
18 Mar 2011 — Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors. Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm en Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando las opciones CustomerPanelOwn... • http://bugs.otrs.org/show_bug.cgi?id=2696 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 67EXPL: 0CVE-2008-7283
https://notcve.org/view.php?id=CVE-2008-7283
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions. Open Ticket Request System (OTRS) anteriores a v2.2.6, cuando el grupo de atención al cliente está habilitada, permite a usuarios remotos autenticados eludir restricciones de acceso y realizar actualizaciones de la interfaz web a los tickets mediante el aprovechamient... • http://bugs.otrs.org/show_bug.cgi?id=2544 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2011-1433
https://notcve.org/view.php?id=CVE-2011-1433
18 Mar 2011 — The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields. Los componentes (1) AgentInterface y (2) CustomerInterface en Open Ticket Request System (OTRS) anterior a v3.0.6 coloca las credenciales sin cifrar en los datos de sesión en la base de datos, lo que hac... • http://bugs.otrs.org/show_bug.cgi?id=6878 • CWE-310: Cryptographic Issues •
CVSS: 3.5EPSS: 0%CPEs: 91EXPL: 1CVE-2009-5055
https://notcve.org/view.php?id=CVE-2009-5055
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. Open Ticket Request System (OTRS) anteriores a v2.4.4 permite el acceso a las subcadenas básicas de un dígito si... • http://bugs.otrs.org/show_bug.cgi?id=4105 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 83EXPL: 1CVE-2009-5056
https://notcve.org/view.php?id=CVE-2009-5056
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. Open Ticket Request System (OTRS) anteriores a v2.4.0-beta2 no hace cumplir de forma correcta la configuración del permiso move_into para una cola, lo que permite a usuarios remotos autenticados eludir la... • http://bugs.otrs.org/show_bug.cgi?id=3583 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 79EXPL: 0CVE-2009-5057
https://notcve.org/view.php?id=CVE-2009-5057
18 Mar 2011 — The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. La función S/MIME en Open Ticket Request System (OTRS) anterior a v2.3.4 no configura el RANDFILE y las variables de entorno HOME para OpenSSL, lo que podría facili... • http://bugs.otrs.org/show_bug.cgi?id=3462 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 0%CPEs: 107EXPL: 1CVE-2010-4758
https://notcve.org/view.php?id=CVE-2010-4758
18 Mar 2011 — installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. installer.pl en Open Ticket Request System (OTRS) anterior a v3.0.3 tiene un campo Inbound Mail Password que utiliza texto claro, en lugar de el tipo password, por su elemento INPUT, lo que hace que sea más fácil para los... • http://bugs.otrs.org/show_bug.cgi?id=6302 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 104EXPL: 0CVE-2010-4759
https://notcve.org/view.php?id=CVE-2010-4759
18 Mar 2011 — Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search. Open Ticket Request System (OTRS) anteriores a v3.0.0-beta7 no restringen correctamente la fecha de los tickets que se encuentran dentro del ámbito de una búsqueda, lo que permite a usuarios remotos autenticados causar una denegación de servicio (cuelgue del demonio) a t... • http://bugs.otrs.org/show_bug.cgi?id=1639 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 103EXPL: 0CVE-2010-4760
https://notcve.org/view.php?id=CVE-2010-4760
18 Mar 2011 — Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. Open Ticket Request System (OTRS) anteriores a v3.0.0-beta6 adiciona los email-notification-ext a los tickets durante el procesamiento de las notificaciones basadas en eventos, que permite a usuarios remotos autenticados para obtener información sensible med... • http://bugs.otrs.org/show_bug.cgi?id=5975 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 100EXPL: 0CVE-2010-4761
https://notcve.org/view.php?id=CVE-2010-4761
18 Mar 2011 — The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog. El cuadro de diálogo de interfaz de cliente de impresión de tickets en Open Ticket Request System (OTRS) anterior a v3.0.0-beta3 no restringe de forma correcta... • http://bugs.otrs.org/show_bug.cgi?id=5875 • CWE-264: Permissions, Privileges, and Access Controls •