|
303461
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4768
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303462
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, whic…
|
CWE-20
Improper Input Validation
|
CVE-2010-4767
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303463
|
- |
|
otrs
|
otrs
|
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially …
|
CWE-20
Improper Input Validation
|
CVE-2010-4766
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303464
|
- |
|
otrs
|
otrs
|
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic…
|
CWE-362
Race Condition
|
CVE-2010-4765
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303465
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it ea…
|
CWE-255
Credentials Management
|
CVE-2010-4764
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303466
|
- |
|
otrs
|
otrs
|
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4763
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303467
|
- |
|
otrs
|
otrs
|
The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-4761
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303468
|
- |
|
otrs
|
otrs
|
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2010-4762
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303469
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain …
|
CWE-200
Information Exposure
|
CVE-2010-4760
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303470
|
- |
|
otrs
|
otrs
|
Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of ser…
|
CWE-20
Improper Input Validation
|
CVE-2010-4759
|
2024-11-21 10:21 |
2011-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
