|
299201
|
- |
|
otrs
|
otrs
|
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4763
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299202
|
- |
|
otrs
|
otrs
|
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4761
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299203
|
- |
|
otrs
|
otrs
|
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4762
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299204
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain …
|
CWE-200
Information Exposure
|
CVE-2010-4760
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299205
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of ser…
|
CWE-20
Improper Input Validation
|
CVE-2010-4759
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299206
|
- |
|
otrs
|
otrs
|
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier f…
|
CWE-310
Cryptographic Issues
|
CVE-2010-4758
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299207
|
- |
|
e107
|
e107
|
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4757
|
2024-11-21 10:21 |
2011-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299208
|
- |
|
gnu
|
gnu_patch
|
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot…
|
CWE-22
Path Traversal
|
CVE-2010-4651
|
2024-11-21 10:21 |
2011-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299209
|
- |
|
gnu
|
glibc
|
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not …
|
CWE-399
Resource Management Errors
|
CVE-2010-4756
|
2024-11-21 10:21 |
2011-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299210
|
- |
|
openbsd
freebsd
netbsd
|
openssh
freebsd
netbsd
openbsd
|
The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow…
|
CWE-399
Resource Management Errors
|
CVE-2010-4755
|
2024-11-21 10:21 |
2011-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
