Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bestpractical vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2012-4733
Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.11
6.5
CVSSv2
CVE-2011-5093
Best Practical Solutions RT 4.x prior to 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerabi...
Bestpractical Rt 4.0.0
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.5
4.3
CVSSv2
CVE-2012-6578
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote malicious users to spoof messages by leveraging the lack of auth...
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
6.4
CVSSv2
CVE-2012-6579
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail mess...
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.6
4.3
CVSSv2
CVE-2012-6580
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote malicious users to spoof details of a message's origin or interfer...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
4.3
CVSSv2
CVE-2012-6581
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secre...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.3
6.8
CVSSv2
CVE-2012-4732
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions prior to 3.8.15, and 4.0.6 and other versions prior to 4.0.8, allows remote malicious users to hijack the authentication of users for requests that toggle ticket bookmarks.
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.8
4.3
CVSSv2
CVE-2013-3736
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13 allows remote malicious users to inject arbitrary web script or HTML via the name of an attached file.
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Rt-extension-mobileui
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
5
CVSSv2
CVE-2013-3737
The MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote malicious users to reuse unauthorized sessions and ...
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.12
6.4
CVSSv2
CVE-2015-1464
RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »