CVE-2006-6733 – osTicket 1.2/1.3 Support Cards - 'view.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6733
26 Dec 2006 — Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en support/view.php de Support Cards 1 (osTicket) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro e. • https://www.exploit-db.com/exploits/29298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2005-2153
https://notcve.org/view.php?id=CVE-2005-2153
06 Jul 2005 — SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. • http://seclists.org/lists/bugtraq/2005/Jul/0009.html •
CVE-2005-2154 – osTicket 1.2/1.3 - 'view.php?inc' Arbitrary Local File Inclusion
https://notcve.org/view.php?id=CVE-2005-2154
06 Jul 2005 — PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. • https://www.exploit-db.com/exploits/25926 •
CVE-2004-0613 – osTicket STS 1.2 - Attachment Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-0613
30 Jun 2004 — osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory. osTicket permite a atacantes remotos ver ficheros sensibles subidos y posiblemente ejecutar código de su elección mediante una petición HTTP que sube un fichero PHP al directorio de adjuntos de tiques. • https://www.exploit-db.com/exploits/24225 •
CVE-2004-0614
https://notcve.org/view.php?id=CVE-2004-0614
30 Jun 2004 — osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size. osTicket confía en un campo oculto en el formulario de envío para limitar el tamaño de subida de un documento, lo que podría permitir a atacantes remotos subir ficheros de cualquier tamaño. • http://marc.info/?l=bugtraq&m=108786779500957&w=2 •