Vulmon
bestpractical vulnerabilities and exploits
VMScore: 534
CVE-2012-4733
Request Tracker (RT) 4.x prior to 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.10
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.12
Bestpractical Rt 4.0.11
VMScore: 578
CVE-2011-5093
Best Practical Solutions RT 4.x prior to 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerabi...
Bestpractical Rt 4.0.0
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.5
VMScore: 383
CVE-2012-6578
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote malicious users to spoof messages by leveraging the lack of auth...
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
VMScore: 570
CVE-2012-6579
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail mess...
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.6
VMScore: 383
CVE-2012-6580
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote malicious users to spoof details of a message's origin or interfer...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
VMScore: 383
CVE-2012-6581
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secre...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.3
VMScore: 605
CVE-2012-4732
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions prior to 3.8.15, and 4.0.6 and other versions prior to 4.0.8, allows remote malicious users to hijack the authentication of users for requests that toggle ticket bookmarks.
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.8
VMScore: 383
CVE-2013-3736
Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13 allows remote malicious users to inject arbitrary web script or HTML via the name of an attached file.
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.12
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Rt-extension-mobileui
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
VMScore: 445
CVE-2013-3737
The MobileUI (aka RT-Extension-MobileUI) extension prior to 1.04 in Request Tracker (RT) 4.0.0 prior to 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote malicious users to reuse unauthorized sessions and ...
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.8
Bestpractical Request Tracker 4.0.9
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.11
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.10
Bestpractical Request Tracker 4.0.12
VMScore: 570
CVE-2015-1464
RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Bestpractical Request Tracker 4.2.9
Bestpractical Request Tracker 4.2.1
Bestpractical Request Tracker 4.2.2
Bestpractical Request Tracker 4.2.3
Bestpractical Request Tracker 4.2.4
Bestpractical Request Tracker
Bestpractical Request Tracker 4.2.6
Bestpractical Request Tracker 4.2.8
Bestpractical Request Tracker 4.2.0
Bestpractical Request Tracker 4.2.5
Bestpractical Request Tracker 4.2.7