Search
Search Results (72 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3525 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | N/A |
| SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims. | ||||
| CVE-2013-5587 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions. | ||||
| CVE-2011-1685 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack. | ||||
| CVE-2011-1687 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords. | ||||
| CVE-2011-1688 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. | ||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 7.5 High |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | ||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | ||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | 6.1 Medium |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | ||||
| CVE-2022-25801 | 1 Bestpractical | 1 Request Tracker For Incident Response | 2024-11-21 | 9.1 Critical |
| Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | ||||
| CVE-2022-25800 | 1 Bestpractical | 1 Request Tracker For Incident Response | 2024-11-21 | 9.1 Critical |
| Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. | ||||
| CVE-2021-38562 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2024-11-21 | 7.5 High |
| Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | ||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | ||||