NotCVE - vendor:"Bestpractical" product:"Rt" version:"4.0.0"

Page 4 of 30 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0

CVE-2011-5093

https://notcve.org/view.php?id=CVE-2011-5093

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. Best Practical Solutions RT 4.x anteriores a 4.0.6 no implementa apropiadamente la opción DisallowExecuteCode, lo que permite a usuarios autenticados remotos evitar las restricciones de acceso previstas y ejecutar código arbitrario utilizando el acceso a una cuenta con privilegios. Una vulnerabilidad distinta a la CVE-2011-4458 y CVE-2011-5092. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 3%CPEs: 170EXPL: 0

CVE-2011-5092

https://notcve.org/view.php?id=CVE-2011-5092

Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093. Best Practical Solutions RT 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 permite a atacantes remotos ejecutar código arbitrario y escalar privilegios a través de vectores de ataque sin especificar. Una vulnerabilidad distinta a la CVE-2011-4458 y CVE-2011-5093. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 170EXPL: 0

CVE-2011-2082

https://notcve.org/view.php?id=CVE-2011-2082

The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. RT v3.x anterior a v3.8.12 y v4.x anteriores a v4.0.6 no actualiza el algoritmo "password-hash" para desactivar las cuentas de usuario, lo que facilita a atacantes dependiendo del contexto para determinar contraseñas en texto claro, y posiblemente usar esas contraseñas antes de que las cuentas estén restablecidas, mediante un ataque de fuerza bruta sobre la base de datos. NOTE: Esta vulnerabilidad es debida a una solución incompleta de CVE-2011-0009. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-255: Credentials Management Errors •

CVSS: 6.8EPSS: 6%CPEs: 86EXPL: 0

CVE-2011-4458

https://notcve.org/view.php?id=CVE-2011-4458

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093. Best Practical Solutions RT 3.6.x, 3.7.x, 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6, si las opciones VERPPrefix y VERPDomain están habilitadas, permiten a atacantes remotos ejecutar código arbitrario a través de vectores sin especificar. Una vulnerabilidad distinta a la CVE-2011-5092 y CVE-2011-5093. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5EPSS: 0%CPEs: 187EXPL: 0

CVE-2011-4460

https://notcve.org/view.php?id=CVE-2011-4460

SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account. Vulnerabilidad de inyección SQL en Best Practical Solutions RT 2.x y 3.x anteriores a 3.8.12 y 4.x anteriores 4.0.6. Permite a usuarios remotos ejecutar comandos SQL de su elección utilizando el acceso a una cuenta privilegiada. • http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://osvdb.org/82136 http://secunia.com/advisories/49259 http://www.securityfocus.com/bid/53660 https://exchange.xforce.ibmcloud.com/vulnerabilities/75824 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4 5