Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bestpractical vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2013-5587
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.13, when MakeClicky is configured, allows remote malicious users to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different aff...
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.9
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.11
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
4.6
CVSSv2
CVE-2011-1685
Best Practical Solutions RT 3.8.0 up to and including 3.8.9 and 4.0.0rc up to and including 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstra...
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.5
Bestpractical Rt 4.0.0
4.3
CVSSv2
CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote malicious users to inject arbitrary web script or HTML via a file ...
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.23
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.16
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.2.7
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 4.2.10
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.12
4.3
CVSSv2
CVE-2017-5361
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote malicious users to obtain sensitive user password information via a timing side-channel attack...
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.16
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.0.23
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.7
Bestpractical Request Tracker 4.4.1
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.17
6.8
CVSSv2
CVE-2017-5943
Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 allows remote malicious users to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.13
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.22
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.13
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
6.5
CVSSv2
CVE-2017-5944
The dashboard subscription interface in Request Tracker (RT) 4.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.19
Bestpractical Request Tracker 4.0.21
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.12
Bestpractical Request Tracker 4.4.1
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.23
Bestpractical Request Tracker 4.0.24
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.4.0
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
7.5
CVSSv2
CVE-2013-3525
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and th...
Bestpractical Request Tracker 3.8.15
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 3.8.16
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.6.8
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.6.10
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 3.8.4
1 EDB exploit
5
CVSSv2
CVE-2015-1165
RT (aka Request Tracker) 3.8.8 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.0.19
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.13
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.6
4
CVSSv2
CVE-2012-4731
FAQ manager for Request Tracker (RTFM) prior to 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
Bestpractical Rtfm 2.4.1
Bestpractical Rtfm 2.4.0
Bestpractical Rtfm 2.2.2
Bestpractical Rtfm 2.2.1
Bestpractical Rtfm 2.2.0
Bestpractical Rtfm
Bestpractical Rtfm 2.4.2
7.1
CVSSv2
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to cause a denial of service (CPU and disk consumption) via a crafted email.
Debian Debian Linux 7.0
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Bestpractical Request Tracker 3.8.16
Bestpractical Request Tracker 3.8.17
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.14
Bestpractical Request Tracker 4.0.15
Bestpractical Request Tracker 4.0.16
Bestpractical Request Tracker 4.0.17
Bestpractical Request Tracker 4.0.18
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 3.6.10
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.15
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.13
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »