CVSS: 5.0EPSS: 0%CPEs: 79EXPL: 0CVE-2009-5057
https://notcve.org/view.php?id=CVE-2009-5057
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. La función S/MIME en Open Ticket Request System (OTRS) anterior a v2.3.4 no configura el RANDFILE y las variables de entorno HOME para OpenSSL, lo que podría facilitar a los atacantes remotos descifrar los mensajes de correo electrónico que tenían menos entropía de la prevista para las operaciones de cifrado, relacionado con la imposibilidad de escribir en el fichero de la generación de semillas para la clave. • http://bugs.otrs.org/show_bug.cgi?id=3462 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2011-0456
https://notcve.org/view.php?id=CVE-2011-0456
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." Se presenta una vulnerabilidad en el archivo webscript.pl en Open Ticket Request System (OTRS) versión 2.3.4 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de vectores no especificados, relacionados a una "command injection vulnerability." • http://jvn.jp/en/jp/JVN73162541/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019 http://secunia.com/advisories/43960 https://hermes.opensuse.org/messages/7797670 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 2%CPEs: 12EXPL: 0CVE-2010-3476
https://notcve.org/view.php?id=CVE-2010-3476
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8 no controla correctamente la adecuación de las expresiones regulares de Perl contra los mensajes de correo electrónico HTML, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un mensaje grande, es una vulnerabilidad distinta a CVE-2010-2080. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://otrs.org/advisory/OSA-2010-02-en http://secunia.com/advisories/41381 http://security-tracker.debian.org/tracker/CVE-2010-2080 http://www.securityfocus.com/bid/43264 https://exchange.xforce.ibmcloud.com/vulnerabilities/61869 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2080
https://notcve.org/view.php?id=CVE-2010-2080
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no específicos. • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://otrs.org/advisory/OSA-2010-02-en http://secunia.com/advisories/41381 http://security-tracker.debian.org/tracker/CVE-2010-2080 http://www.securityfocus.com/bid/43264 https://exchange.xforce.ibmcloud.com/vulnerabilities/61868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0438
https://notcve.org/view.php?id=CVE-2010-0438
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anteriores a v2.4.7 permite a usuarios autenticados ejecutar comandos SQL a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://otrs.org/advisory/OSA-2010-01-en http://otrs.org/releases/2.4.7 http://secunia.com/advisories/38507 http://secunia.com/advisories/38544 http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log http://www.osvdb.org/62181 http://www.otrs.org/news/2010/otrs_2-4-7 http://www.securityfocus.com/bid/38146 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •