Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2014-3566 |
|
Vulnerability in redhat (CVE-2014-3566)
vulnerability in redhat (CVE-2014-3566). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-4744 |
|
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone numbe...
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
|
| CVE-2014-2653 |
|
Vulnerability in c (CVE-2014-2653)
vulnerability in c (CVE-2014-2653). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-2532 |
|
Vulnerability in oracle (CVE-2014-2532)
vulnerability in oracle (CVE-2014-2532). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-0759 |
|
Vulnerability in schneider-electric (CVE-2014-0759)
vulnerability in schneider-electric (CVE-2014-0759). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-1692 |
|
Buffer Overflow in c (CVE-2014-1692)
vulnerability in c (CVE-2014-1692). Risk of unauthorized operations or information disclosure.
|
| CVE-2013-1609 |
|
Vulnerability in symantec (CVE-2013-1609)
vulnerability in symantec (CVE-2013-1609). Risk of unauthorized operations or information disclosure.
|
| CVE-2013-2566 |
|
Vulnerability in oracle (CVE-2013-2566)
vulnerability in oracle (CVE-2013-2566). Confidential information can be exposed externally.
|
| CVE-2012-4549 |
|
Vulnerability in redhat (CVE-2012-4549)
vulnerability in redhat (CVE-2012-4549). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-4550 |
|
Vulnerability in redhat (CVE-2012-4550)
vulnerability in redhat (CVE-2012-4550). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-0814 |
|
Vulnerability in c (CVE-2012-0814)
vulnerability in c (CVE-2012-0814). Risk of unauthorized operations or information disclosure.
|
| CVE-2011-0627 |
|
Vulnerability in dos (CVE-2011-0627)
vulnerability in dos (CVE-2011-0627). Successful exploitation can lead to full system takeover.
|
| CVE-2010-4634 |
|
Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE:...
Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
|
| CVE-2010-4478 |
|
Authentication Bypass in openbsd (CVE-2010-4478)
authentication bypass in openbsd (CVE-2010-4478). Successful exploitation can lead to full system takeover.
|
| CVE-2010-3190 |
|
Vulnerability in c (CVE-2010-3190)
vulnerability in c (CVE-2010-3190). Successful exploitation can lead to full system takeover.
|
| CVE-2010-0605 |
|
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
|
| CVE-2010-0606 |
|
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related...
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
|
| CVE-2010-0386 |
|
Vulnerability in sun (CVE-2010-0386)
vulnerability in sun (CVE-2010-0386). Confidential information can be exposed externally.
|
| CVE-2009-3555 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2009-3555)
vulnerability in org.apache.tomcat:tomcat (CVE-2009-3555). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.5.33` or later.
|
| CVE-2009-2493 |
|
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
|
| CVE-2009-2495 |
|
Vulnerability in c (CVE-2009-2495)
vulnerability in c (CVE-2009-2495). Confidential information can be exposed externally.
|
| CVE-2009-0901 |
|
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005...
|
| CVE-2009-2361 |
|
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
|
| CVE-2003-1567 |
|
Information Disclosure in microsoft (CVE-2003-1567)
vulnerability in microsoft (CVE-2003-1567). Confidential information can be exposed externally.
|
| CVE-2004-2761 |
|
Vulnerability in ietf (CVE-2004-2761)
vulnerability in ietf (CVE-2004-2761). Successful exploitation can lead to full system takeover.
|
| CVE-2008-5161 |
|
Information Disclosure in openbsd (CVE-2008-5161)
vulnerability in openbsd (CVE-2008-5161). Risk of unauthorized operations or information disclosure.
|
| CVE-2006-5407 |
|
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
|
| CVE-2005-4459 |
|
Buffer Overflow in vmware (CVE-2005-4459)
vulnerability in vmware (CVE-2005-4459). Risk of unauthorized operations or information disclosure.
|
| CVE-2005-1794 |
|
Vulnerability in microsoft (CVE-2005-1794)
vulnerability in microsoft (CVE-2005-1794). Risk of unauthorized operations or information disclosure.
|
| CVE-2005-1436 |
|
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to h...
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the e...
|
| CVE-2005-1439 |
|
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
|
| CVE-1999-0524 |
|
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
|
| CVE-1999-0511 |
|
IP forwarding is enabled on a machine which is not a router or firewall.
IP forwarding is enabled on a machine which is not a router or firewall.
|