Filtered by vendor Otrs
Subscribe
Total
150 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4768 | 1 Otrs | 1 Otrs | 2024-02-28 | 6.0 MEDIUM | N/A |
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions. | |||||
CVE-2008-7280 | 1 Otrs | 1 Otrs | 2024-02-28 | 5.0 MEDIUM | N/A |
Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message. | |||||
CVE-2010-4767 | 1 Otrs | 1 Otrs | 2024-02-28 | 5.0 MEDIUM | N/A |
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. | |||||
CVE-2010-4766 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.3 MEDIUM | N/A |
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | |||||
CVE-2010-4758 | 1 Otrs | 1 Otrs | 2024-02-28 | 1.9 LOW | N/A |
installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | |||||
CVE-2008-1515 | 1 Otrs | 1 Otrs | 2024-02-28 | 6.4 MEDIUM | N/A |
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." | |||||
CVE-2007-2524 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. | |||||
CVE-2005-3895 | 1 Otrs | 1 Otrs | 2024-02-28 | 5.8 MEDIUM | N/A |
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources. | |||||
CVE-2005-3893 | 1 Otrs | 1 Otrs | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. | |||||
CVE-2005-3894 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. |