Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
355
VMScore
CVE-2019-14748
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is...
Osticket Osticket
1 EDB exploit
685
VMScore
CVE-2019-14749
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the...
Osticket Osticket
1 EDB exploit
435
VMScore
CVE-2019-14750
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields lead...
Osticket Osticket
1 EDB exploit
312
VMScore
CVE-2020-16193
osTicket prior to 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
Osticket Osticket
383
VMScore
CVE-2015-1176
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket prior to 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in a search action.
Osticket Osticket
445
VMScore
CVE-2010-4634
Directory traversal vulnerability in osTicket 1.6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
Osticket Osticket 1.6
570
VMScore
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote malicious users to upload a file of any size.
Osticket Osticket Sts
668
VMScore
CVE-2005-1438
PHP remote file inclusion vulnerability in main.php in osTicket allows remote malicious users to execute arbitrary PHP code via the include_dir parameter.
Osticket Osticket 1
755
VMScore
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extensio...
Osticket Osticket 1.10.1
1 EDB exploit
755
VMScore
CVE-2017-14396
In osTicket prior to 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Osticket Osticket 1.10
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »