Bestpractical

Rt

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.23%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.

  • EPSS 2.32%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.

  • EPSS 2.06%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.

  • EPSS 2.06%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • EPSS 1.41%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vecto...

  • EPSS 1.99%
  • Veröffentlicht 23.08.2013 16:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-33...

  • EPSS 1.63%
  • Veröffentlicht 23.08.2013 16:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.

  • EPSS 1.57%
  • Veröffentlicht 11.11.2012 13:00:59
  • Zuletzt bearbeitet 16.06.2026 23:45:50

Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

  • EPSS 1.82%
  • Veröffentlicht 11.11.2012 13:00:59
  • Zuletzt bearbeitet 16.06.2026 23:45:38

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to...

  • EPSS 0.87%
  • Veröffentlicht 11.11.2012 13:00:59
  • Zuletzt bearbeitet 16.06.2026 23:45:38

Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket ...