NotCVE - vendor:"Otrs" product:"Otrs" version:"2.4.1"

Page 3 of 23 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0

CVE-2010-3476

https://notcve.org/view.php?id=CVE-2010-3476

20 Sep 2010 — Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8 no controla correctamente la adecuación de las expresiones regulares de Perl contra los mensajes de correo... • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

CVE-2010-2080

https://notcve.org/view.php?id=CVE-2010-2080

20 Sep 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no espe... • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2010-0438

https://notcve.org/view.php?id=CVE-2010-0438

09 Feb 2010 — Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anterio... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3