Bestpractical

Rt

43 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.33%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:50

Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • EPSS 1.12%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:49

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as dem...

  • EPSS 1.34%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:49

Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated ...

  • EPSS 1.45%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:50

Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.

  • EPSS 3.78%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:50

Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.

  • EPSS 2.36%
  • Veröffentlicht 22.04.2011 10:55:02
  • Zuletzt bearbeitet 16.06.2026 23:29:50

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

  • EPSS 1.53%
  • Veröffentlicht 28.02.2011 16:00:01
  • Zuletzt bearbeitet 16.06.2026 23:28:32

Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as ...

  • EPSS 0.4%
  • Veröffentlicht 28.02.2011 16:00:01
  • Zuletzt bearbeitet 16.06.2026 23:28:32

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended wo...

  • EPSS 1.88%
  • Veröffentlicht 25.01.2011 19:00:03
  • Zuletzt bearbeitet 16.06.2026 23:26:36

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

  • EPSS 1.84%
  • Veröffentlicht 02.12.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:13:08

Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that lev...