CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1439
https://notcve.org/view.php?id=CVE-2005-1439
03 May 2005 — Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter. • http://secunia.com/advisories/15216 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2004-0613 – osTicket STS 1.2 - Attachment Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-0613
30 Jun 2004 — osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory. osTicket permite a atacantes remotos ver ficheros sensibles subidos y posiblemente ejecutar código de su elección mediante una petición HTTP que sube un fichero PHP al directorio de adjuntos de tiques. • https://www.exploit-db.com/exploits/24225 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0614
https://notcve.org/view.php?id=CVE-2004-0614
30 Jun 2004 — osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size. osTicket confía en un campo oculto en el formulario de envío para limitar el tamaño de subida de un documento, lo que podría permitir a atacantes remotos subir ficheros de cualquier tamaño. • http://marc.info/?l=bugtraq&m=108786779500957&w=2 •