Search Results (74 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6581 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.
CVE-2013-3525 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVE-2011-0009 1 Bestpractical 1 Rt 2025-04-11 N/A
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
CVE-2012-4730 1 Bestpractical 1 Rt 2025-04-11 N/A
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
CVE-2012-4731 1 Bestpractical 1 Rtfm 2025-04-11 N/A
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
CVE-2012-4884 1 Bestpractical 1 Rt 2025-04-11 N/A
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
CVE-2011-4460 1 Bestpractical 1 Rt 2025-04-11 N/A
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
CVE-2023-45024 1 Bestpractical 1 Request Tracker 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.
CVE-2022-25803 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-25802 1 Bestpractical 1 Request Tracker 2024-11-21 6.1 Medium
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVE-2022-25801 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.
CVE-2022-25800 1 Bestpractical 1 Request Tracker For Incident Response 2024-11-21 9.1 Critical
Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.
CVE-2021-38562 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2024-11-21 7.5 High
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVE-2018-18898 4 Bestpractical, Canonical, Debian and 1 more 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 7.5 High
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.