otrs otrs vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-23790
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X up to and including 7.0.48, from 8.0.X up to and including 8.0.37, from 2023 up to and including...
Otrs Otrs
9.8
CVSSv3
CVE-2022-4427
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 prior to 7.0.40 Patch 1, from 8.0.1 prior to 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 up ...
Otrs Otrs 8.0.28
Otrs Otrs 7.0.40
Otrs Otrs
9.4
CVSSv3
CVE-2016-5843
Multiple SQL injection vulnerabilities in the FAQ package 2.x prior to 2.3.6, 4.x prior to 4.0.5, and 5.x prior to 5.0.5 in Open Ticket Request System (OTRS) allow remote malicious users to execute arbitrary SQL commands via crafted search parameters.
Otrs Faq 2.3.2
Otrs Faq 2.3.3
Otrs Faq 2.1.2
Otrs Faq 2.1.3
Otrs Faq 2.0.6
Otrs Faq 2.0.7
Otrs Faq 5.0.2
Otrs Faq 5.0.1
Otrs Faq 2.2.1
Otrs Faq 2.2.2
Otrs Faq 2.2.3
Otrs Faq 2.0.2
Otrs Faq 2.0.3
Otrs Faq 4.0.1
Otrs Faq 4.0.2
Otrs Faq 2.3.0
Otrs Faq 2.3.1
Otrs Faq 2.1.0
Otrs Faq 2.1.1
Otrs Faq 2.0.4
Otrs Faq 2.0.5
Otrs Faq 4.0.3
9.1
CVSSv3
CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies...
Otrs Otrs
8.8
CVSSv3
CVE-2023-38060
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated malicious user to perform a host header injection for the ContentType header of the a...
Otrs Otrs
8.8
CVSSv3
CVE-2022-39051
An attacker might be able to execute malicious Perl code in the Template Toolkit by having the admin install an unverified third-party package.
Otrs Otrs
8.8
CVSSv3
CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command.
Otrs Otrs Itsm
Otrs Otrs Storm
Otrs Otrs
8.8
CVSSv3
CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x prior to 3.0.22, 3.1.x prior to 3.1.18, and 3.2.x prior to 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/Pr...
Otrs Otrs
Otrs Otrs Itsm
8.8
CVSSv3
CVE-2018-14593
An issue exists in Open Ticket Request System (OTRS) 6.0.x up to and including 6.0.9, 5.0.x up to and including 5.0.28, and 4.0.x up to and including 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL.
Otrs Open Ticket Request System
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-17476
Open Ticket Request System (OTRS) 4.0.x prior to 4.0.28, 5.0.x prior to 5.0.26, and 6.0.x prior to 6.0.3, when cookie support is disabled, might allow remote malicious users to hijack web sessions and consequently gain privileges via a crafted email.
Otrs Otrs
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0