Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
request tracker vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver prior to 3.0.5 allow remote malicious users to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-de...
Revive-adserver Revive Adserver
NA
CVE-2013-3369
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.16
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.15
Bestpractical Rt 3.8.5
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.9
6.5
CVSSv3
CVE-2022-32215
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Nodejs Node.js
Llhttp Llhttp
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Siemens Sinec Ins 1.0
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
NA
CVE-2012-4733
Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.11
NA
CVE-2004-2029
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and previous versions allows remote malicious users to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
Trevor Hogan Bnbt 7.5 Beta Release2
1 EDB exploit
NA
CVE-2013-3368
bin/rt in Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.4
Bestpractical Rt 3.8.16
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.8
NA
CVE-2013-3371
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 up to and including 3.8.16 and 4.0.x prior to 4.0.13 allows remote malicious users to inject arbitrary web script or HTML via the filename of an attachment.
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.15
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.16
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
NA
CVE-2013-3372
Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote malicious users to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.11
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.16
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.12
6.5
CVSSv3
CVE-2022-32214
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp
Nodejs Node.js
Debian Debian Linux 11.0
Stormshield Stormshield Management Center
8.8
CVSSv3
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 up to and including 2.x prior to 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Haproxy Haproxy
Debian Debian Linux 10.0
Redhat Openshift Container Platform 3.11
Redhat Openshift Container Platform 4.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »