Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2010-02-09 CVE-2010-0438 SQL Injection vulnerability in Otrs
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
otrs CWE-89
6.5
2008-04-01 CVE-2008-1515 Permissions, Privileges, and Access Controls vulnerability in Otrs
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
network
low complexity
otrs CWE-264
6.4
2007-05-08 CVE-2007-2524 Cross-Site Scripting vulnerability in Otrs 2.0.4
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action.
network
otrs CWE-79
4.3
2005-11-29 CVE-2005-3895 Unspecified vulnerability in Otrs
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML.
network
otrs
5.8
2005-11-29 CVE-2005-3894 Unspecified vulnerability in Otrs
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
network
otrs
4.3
2005-11-29 CVE-2005-3893 Unspecified vulnerability in Otrs
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
network
low complexity
otrs
7.5