Search
Search Results (44 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2082 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009. | ||||
| CVE-2012-2769 | 2 Bestpractical, Jesse Vincent | 2 Rt, Extension\ | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2770 | 2 Bestpractical, Mike Peachey | 2 Rt, Authen\ | 2025-04-11 | N/A |
| The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user." | ||||
| CVE-2013-3373 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header. | ||||