CVSS: 7.1EPSS: 0%CPEs: 77EXPL: 0CVE-2008-7276
https://notcve.org/view.php?id=CVE-2008-7276
18 Mar 2011 — Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value. Kernel/System/web/Request.pm en Open Ticket Request System (OTRS) anteriores a v2.3.2 crea un directorio en /tmp/ con permisos 1274, lo que podría permitir a usuarios locales eludir las restricciones de acceso... • http://bugs.otrs.org/show_bug.cgi?id=3133 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 94EXPL: 1CVE-2010-4766
https://notcve.org/view.php?id=CVE-2010-4766
18 Mar 2011 — The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. La característica AgentTicketForward en Open Ticket Request System (OTRS) anteriores a v2.4.7 no elimina correctamente las imágenes incluidas en mensajes de correo electrónico HTML, lo que podrí... • http://bugs.otrs.org/show_bug.cgi?id=4818 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 83EXPL: 1CVE-2009-5056
https://notcve.org/view.php?id=CVE-2009-5056
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. Open Ticket Request System (OTRS) anteriores a v2.4.0-beta2 no hace cumplir de forma correcta la configuración del permiso move_into para una cola, lo que permite a usuarios remotos autenticados eludir la... • http://bugs.otrs.org/show_bug.cgi?id=3583 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 98EXPL: 1CVE-2010-4763
https://notcve.org/view.php?id=CVE-2010-4763
18 Mar 2011 — The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections. La configuración ACL-customer-status Ticket Type en Open Ticket Request System (OTRS) anteriores a v3.0.0-beta1 no restringe las opciones del ticket después de una recarga de AJAX, lo que permite a usuarios remotos ... • http://bugs.otrs.org/show_bug.cgi?id=4399 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 107EXPL: 1CVE-2010-4758
https://notcve.org/view.php?id=CVE-2010-4758
18 Mar 2011 — installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. installer.pl en Open Ticket Request System (OTRS) anterior a v3.0.3 tiene un campo Inbound Mail Password que utiliza texto claro, en lugar de el tipo password, por su elemento INPUT, lo que hace que sea más fácil para los... • http://bugs.otrs.org/show_bug.cgi?id=6302 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 95EXPL: 0CVE-2010-4765
https://notcve.org/view.php?id=CVE-2010-4765
18 Mar 2011 — Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. Condición de carrera en el método Kernel::System::Main::FileWrite en Open Ticket Request System (OTRS) anterior a v2.4.8 permite a usuarios remotos autenticados corromper los datos en TicketCounter.log en circunstancias oportunistas mediante la creación de tickets. • http://bugs.otrs.org/show_bug.cgi?id=4936 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2010-4764
https://notcve.org/view.php?id=CVE-2010-4764
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. Open Ticket Request System (OTRS) anteriores a v2.4.10, y v3.x anteriores a v3.0.3, no presente las advertencias sobre los mensajes entrantes de correo electrónico cifrados que se basaron en claves PGP o ... • http://bugs.otrs.org/show_bug.cgi?id=6131 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2011-0456
https://notcve.org/view.php?id=CVE-2011-0456
11 Mar 2011 — webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." Se presenta una vulnerabilidad en el archivo webscript.pl en Open Ticket Request System (OTRS) versión 2.3.4 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados, relacionados a una "command injection vulnerability." • http://jvn.jp/en/jp/JVN73162541/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2005-3895
https://notcve.org/view.php?id=CVE-2005-3895
29 Nov 2005 — Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html •
CVSS: 8.8EPSS: 13%CPEs: 6EXPL: 4CVE-2005-3893 – OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2005-3893
29 Nov 2005 — Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. • https://www.exploit-db.com/exploits/26551 •