CVSS: 6.8EPSS: 6%CPEs: 86EXPL: 0CVE-2011-4458
https://notcve.org/view.php?id=CVE-2011-4458
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093. Best Practical Solutions RT 3.6.x, 3.7.x, 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6, si las opciones VERPPrefix y VERPDomain están habilitadas, permiten a atacantes remotos ejecutar código arbitrario a través de vectores sin especificar. Una vulnerabilidad distinta a la CVE-2011-5092 y CVE-2011-5093. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 187EXPL: 0CVE-2011-4460
https://notcve.org/view.php?id=CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account. Vulnerabilidad de inyección SQL en Best Practical Solutions RT 2.x y 3.x anteriores a 3.8.12 y 4.x anteriores 4.0.6. Permite a usuarios remotos ejecutar comandos SQL de su elección utilizando el acceso a una cuenta privilegiada. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://osvdb.org/82136 http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 https://exchange.xforce.ibmcloud.com/vulnerabilities/75824 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 170EXPL: 0CVE-2011-2083
https://notcve.org/view.php?id=CVE-2011-2083
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v3.x anteriores a v3.8.12 y v4.x anteriores a v4.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 170EXPL: 0CVE-2011-2084
https://notcve.org/view.php?id=CVE-2011-2084
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account. Best Practical Solutions RT 3.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 permiten a usuarios autenticados remotos leer (1) hashes de contraseñas previas e (2) historial de correspondencia de tickets utilizando el acceso a una cuenta privilegiada. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 170EXPL: 0CVE-2011-4459
https://notcve.org/view.php?id=CVE-2011-4459
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership. Best Practical Solutions RT 3.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 no deshabilitan apropiadamente los grupos, lo que permite a usuarios autenticados remotos evitar las restricciones de acceso previstas en determinadas circunstancias utilizando una pertenencia a grupo. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-264: Permissions, Privileges, and Access Controls •