CVSS: 7.5EPSS: 0%CPEs: 81EXPL: 0CVE-2010-4767
https://notcve.org/view.php?id=CVE-2010-4767
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. Open Ticket Request System (OTRS) anteriores a v2.3.6 no gestiona correctamente los mensajes de correo electrónico en el que la línea De contiene caracteres UTF-... • http://bugs.otrs.org/show_bug.cgi?id=3426 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 1CVE-2010-4768
https://notcve.org/view.php?id=CVE-2010-4768
18 Mar 2011 — Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions. Open Ticket Request System (OTRS) anteriores a v2.3.5 no desactiva de forma adecuada los permisos ocultos, lo que permite a usuarios remotos au... • http://bugs.otrs.org/show_bug.cgi?id=3499 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 29EXPL: 0CVE-2011-0456
https://notcve.org/view.php?id=CVE-2011-0456
11 Mar 2011 — webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." Se presenta una vulnerabilidad en el archivo webscript.pl en Open Ticket Request System (OTRS) versión 2.3.4 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados, relacionados a una "command injection vulnerability." • http://jvn.jp/en/jp/JVN73162541/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0438
https://notcve.org/view.php?id=CVE-2010-0438
09 Feb 2010 — Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anterio... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •