Filtered by vendor Bestpractical
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1007 | 1 Bestpractical | 1 Rt | 2025-04-11 | 2.1 LOW | N/A |
| Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout. | |||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2025-04-11 | 3.5 LOW | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | |||||
| CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.5 MEDIUM | N/A |
| Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
| CVE-2011-2085 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2011-1008 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.0 MEDIUM | N/A |
| Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging. | |||||
| CVE-2012-6581 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 4.3 MEDIUM | N/A |
| Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege. | |||||
| CVE-2013-3370 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.8 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. | |||||
| CVE-2012-4734 | 1 Bestpractical | 1 Rt | 2025-04-11 | 5.0 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | |||||
| CVE-2013-5587 | 1 Bestpractical | 1 Rt | 2025-04-11 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions. | |||||
| CVE-2011-1688 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request. | |||||
| CVE-2011-1686 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. | |||||
| CVE-2009-3585 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain. | |||||
| CVE-2009-3892 | 1 Bestpractical | 1 Rt | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields. | |||||
| CVE-2008-3502 | 1 Bestpractical | 1 Rt | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl. | |||||
| CVE-2009-4151 | 1 Bestpractical | 1 Rt | 2025-04-09 | 5.8 MEDIUM | N/A |
| Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. | |||||
| CVE-2023-45024 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | |||||
| CVE-2023-41260 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | |||||
| CVE-2023-41259 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 7.5 HIGH |
| Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | |||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | |||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | |||||