Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bestpractical rt 4.0.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4733
Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.10
NA
CVE-2011-5093
Best Practical Solutions RT 4.x prior to 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerabi...
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.4
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.5
NA
CVE-2011-1685
Best Practical Solutions RT 3.8.0 up to and including 3.8.9 and 4.0.0rc up to and including 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstra...
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.4
Bestpractical Rt 4.0.0
NA
CVE-2013-5587
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.13, when MakeClicky is configured, allows remote malicious users to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different aff...
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
NA
CVE-2012-4730
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 4.0.0
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 3.8.3
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.4
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.12
NA
CVE-2012-4734
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to...
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 4.0.0
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 3.8.3
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.4
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.12
NA
CVE-2012-4884
Argument injection vulnerability in Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to create arbitrary files via unspecified vectors related to the GnuPG client.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.4
NA
CVE-2013-3369
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.15
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.16
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
NA
CVE-2013-3372
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote malicious users to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
NA
CVE-2013-3374
Unspecified vulnerability in Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13, when using the Apache::Session::File session store, allows remote malicious users to obtain sensitive information (user preferences and caches) via unknown vectors, related to a &qu...
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »