Vulnerabilities > Bestpractical > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-08-23 | CVE-2013-3368 | Link Following vulnerability in Bestpractical RT bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name. | 3.3 |
2013-08-23 | CVE-2013-5587 | Cross-Site Scripting vulnerability in Bestpractical RT Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. | 2.6 |
2012-11-11 | CVE-2012-4730 | Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | 3.5 |
2012-06-04 | CVE-2011-4459 | Permissions, Privileges, and Access Controls vulnerability in Bestpractical RT Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership. | 3.5 |