Vulmon
bestpractical request tracker 4.0.0 vulnerabilities and exploits
CVSSv2 score: 6
CVE-2012-4733
Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.10
CVSSv2 score: 5
CVE-2015-1165
RT (aka Request Tracker) 3.8.8 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Fedoraproject Fedora 22
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 3.8.15
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 3.8.16
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.2.7
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.10
CVSSv2 score: 5
CVE-2013-3737
The MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote malicious users to reuse unauthorized sessions and ...
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.3
CVSSv2 score: 5
CVE-2013-3373
CRLF injection vulnerability in Request Tracker (RT) 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.5
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
CVSSv2 score: 5
CVE-2012-4734
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to...
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 4.0.0
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 3.8.3
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.4
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.12
CVSSv2 score: 5
CVE-2012-4884
Argument injection vulnerability in Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to create arbitrary files via unspecified vectors related to the GnuPG client.
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.4
CVSSv2 score: 5
CVE-2011-2082
The vulnerable-passwords script in Best Practical Solutions RT 3.x prior to 3.8.12 and 4.x prior to 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent malicious users to determine cleartext passwords, and poss...
Bestpractical Rt 3.8.7
Bestpractical Rt 3.5.5
Bestpractical Rt 3.0.4
Bestpractical Rt 3.2.1
Bestpractical Rt 3.6.0
Bestpractical Rt 3.8.9
Bestpractical Rt 3.4.0
Bestpractical Rt 3.0.8
Bestpractical Rt 3.8.11
Bestpractical Rt 3.4.2
Bestpractical Rt 3.6.4
Bestpractical Rt 3.8.8
Bestpractical Rt 3.2.0
Bestpractical Rt 3.1.2
Bestpractical Rt 3.6.6
Bestpractical Rt 3.4.5
Bestpractical Rt 3.0.2
Bestpractical Rt 3.5.4
Bestpractical Rt 3.6.7
Bestpractical Rt 3.0.10
Bestpractical Rt 3.6.2
Bestpractical Rt 3.2.2
CVSSv2 score: 4.3
CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote malicious users to inject arbitrary web script or HTML via a file ...
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.2.12
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.2.7
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.2.10
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.4
CVSSv2 score: 4.3
CVE-2017-5361
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote malicious users to obtain sensitive user password information via a timing side-channel attack...
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.2.12
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.2.7
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.2.10
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.4
CVSSv2 score: 4.3
CVE-2013-3736
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13 allows remote malicious users to inject arbitrary web script or HTML via the name of an attached file.
Bestpractical Rt-extension-mobileui
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.3