CVE-2010-4763
- EPSS 1.57%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:29
The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Stat...
- EPSS 1.47%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:30
Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communica...
CVE-2010-4765
- EPSS 0.62%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:30
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.
CVE-2010-4766
- EPSS 1.09%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:30
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circum...
- EPSS 1.69%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:30
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of serv...
- EPSS 0.97%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:25:30
Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certai...
- EPSS 1.47%
- Veröffentlicht 18.03.2011 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:29:20
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive...
CVE-2011-0456
- EPSS 3%
- Veröffentlicht 11.03.2011 17:55:02
- Zuletzt bearbeitet 16.06.2026 23:27:25
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
CVE-2010-4071
- EPSS 1.89%
- Veröffentlicht 20.01.2011 19:00:05
- Zuletzt bearbeitet 16.06.2026 23:24:04
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
- EPSS 2.52%
- Veröffentlicht 20.09.2010 22:00:04
- Zuletzt bearbeitet 16.06.2026 23:22:50
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) v...