CVSS: 7.5EPSS: 0%CPEs: 106EXPL: 0CVE-2010-4764
https://notcve.org/view.php?id=CVE-2010-4764
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. Open Ticket Request System (OTRS) anteriores a v2.4.10, y v3.x anteriores a v3.0.3, no presente las advertencias sobre los mensajes entrantes de correo electrónico cifrados que se basaron en claves PGP o ... • http://bugs.otrs.org/show_bug.cgi?id=6131 • CWE-255: Credentials Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 95EXPL: 0CVE-2010-4765
https://notcve.org/view.php?id=CVE-2010-4765
18 Mar 2011 — Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. Condición de carrera en el método Kernel::System::Main::FileWrite en Open Ticket Request System (OTRS) anterior a v2.4.8 permite a usuarios remotos autenticados corromper los datos en TicketCounter.log en circunstancias oportunistas mediante la creación de tickets. • http://bugs.otrs.org/show_bug.cgi?id=4936 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 94EXPL: 1CVE-2010-4766
https://notcve.org/view.php?id=CVE-2010-4766
18 Mar 2011 — The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. La característica AgentTicketForward en Open Ticket Request System (OTRS) anteriores a v2.4.7 no elimina correctamente las imágenes incluidas en mensajes de correo electrónico HTML, lo que podrí... • http://bugs.otrs.org/show_bug.cgi?id=4818 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2010-4767
https://notcve.org/view.php?id=CVE-2010-4767
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. Open Ticket Request System (OTRS) anteriores a v2.3.6 no gestiona correctamente los mensajes de correo electrónico en el que la línea De contiene caracteres UTF-... • http://bugs.otrs.org/show_bug.cgi?id=3426 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 1CVE-2010-4768
https://notcve.org/view.php?id=CVE-2010-4768
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions. Open Ticket Request System (OTRS) anteriores a v2.3.5 no desactiva de forma adecuada los permisos ocultos, lo que permite a usuarios remotos au... • http://bugs.otrs.org/show_bug.cgi?id=3499 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 29EXPL: 0CVE-2011-0456
https://notcve.org/view.php?id=CVE-2011-0456
11 Mar 2011 — webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." Se presenta una vulnerabilidad en el archivo webscript.pl en Open Ticket Request System (OTRS) versión 2.3.4 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados, relacionados a una "command injection vulnerability." • http://jvn.jp/en/jp/JVN73162541/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0438
https://notcve.org/view.php?id=CVE-2010-0438
09 Feb 2010 — Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anterio... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •