Search CVE reports
Some fixes available 3 of 6
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via...
2 affected packages
request-tracker3.6, request-tracker3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.6 | — | — | — | — |
request-tracker3.8 | — | — | — | — |
Some fixes available 1 of 6
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser...
2 affected packages
request-tracker3.6, request-tracker3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.6 | — | — | — | — |
request-tracker3.8 | — | — | — | — |
Some fixes available 3 of 7
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on...
3 affected packages
request-tracker3.4, request-tracker3.6, request-tracker3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.4 | — | — | — | — |
request-tracker3.6 | — | — | — | — |
request-tracker3.8 | — | — | — | — |
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a...
3 affected packages
request-tracker3.4, request-tracker3.6, request-tracker3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.4 | — | — | — | — |
request-tracker3.6 | — | — | — | — |
request-tracker3.8 | — | — | — | — |
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a...
3 affected packages
request-tracker3.4, request-tracker3.6, request-tracker3.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.4 | — | — | — | — |
request-tracker3.6 | — | — | — | — |
request-tracker3.8 | — | — | — | — |
Some fixes available 7 of 8
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.
1 affected package
cheesetracker
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cheesetracker | — | — | — | — |
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.
1 affected package
request-tracker3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
request-tracker3.4 | — | — | — | — |