Osticket

Osticket

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-1176

Exploit
  • EPSS 0.31%
  • Veröffentlicht 23.01.2015 15:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.

4.3

CVE-2014-4744

Exploit
  • EPSS 0.26%
  • Veröffentlicht 09.07.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or ...

5

CVE-2010-4634

Exploit
  • EPSS 0.18%
  • Veröffentlicht 30.12.2010 21:00:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third p...

3.5

CVE-2010-0606

Exploit
  • EPSS 0.2%
  • Veröffentlicht 11.02.2010 17:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.

7.5

CVE-2010-0605

Exploit
  • EPSS 0.72%
  • Veröffentlicht 11.02.2010 17:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

7.5

CVE-2009-2361

Exploit
  • EPSS 1.28%
  • Veröffentlicht 08.07.2009 15:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.

7.5

CVE-2006-5407

  • EPSS 0.72%
  • Veröffentlicht 19.10.2006 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

6.8

CVE-2005-1436

Exploit
  • EPSS 2.08%
  • Veröffentlicht 03.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php...

7.5

CVE-2005-1439

  • EPSS 0.94%
  • Veröffentlicht 03.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.

7.5

CVE-2005-1438

  • EPSS 0.72%
  • Veröffentlicht 03.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.