CVE-2011-1689
- EPSS 0.56%
- Published 22.04.2011 10:55:02
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1690
- EPSS 0.82%
- Published 22.04.2011 10:55:02
- Last modified 11.04.2025 00:51:21
Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
- EPSS 0.61%
- Published 28.02.2011 16:00:01
- Last modified 11.04.2025 00:51:21
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as ...
CVE-2011-1007
- EPSS 0.11%
- Published 28.02.2011 16:00:01
- Last modified 11.04.2025 00:51:21
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended wo...
CVE-2011-0009
- EPSS 0.83%
- Published 25.01.2011 19:00:03
- Last modified 11.04.2025 00:51:21
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
CVE-2009-4151
- EPSS 1.25%
- Published 02.12.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that lev...
CVE-2009-3585
- EPSS 1.35%
- Published 02.12.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that lev...
CVE-2009-3892
- EPSS 0.33%
- Published 17.11.2009 18:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
- EPSS 0.51%
- Published 06.08.2008 18:41:00
- Last modified 09.04.2025 00:30:58
Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.