osticket osticket vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-7195
Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
Osticket Osticket
4.3
CVSSv2
CVE-2018-7196
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "sort" parameter.
Osticket Osticket
7.5
CVSSv2
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
Osticket Osticket
4.3
CVSSv2
CVE-2020-24917
osTicket prior to 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Osticket Osticket
7.5
CVSSv2
CVE-2005-1439
Directory traversal vulnerability in attachments.php in osTicket allows remote malicious users to read arbitrary files via .. sequences in the file parameter.
Osticket Osticket
7.5
CVSSv2
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extensio...
Osticket Osticket 1.10.1
1 EDB exploit
5
CVSSv2
CVE-2010-4634
Directory traversal vulnerability in osTicket 1.6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
Osticket Osticket 1.6
7.5
CVSSv2
CVE-2017-14396
In osTicket prior to 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Osticket Osticket 1.10
1 EDB exploit
6.4
CVSSv2
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote malicious users to upload a file of any size.
Osticket Osticket Sts
4.3
CVSSv2
CVE-2017-15362
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish co...
Osticket Osticket 1.10.1