FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ffa7c6e4-bb29-11e3-8136-60a44c524f57otrs -- Clickjacking issue

The OTRS Project reports:

An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS.


Discovery 2014-04-01
Entry 2014-04-03
otrs
< 3.1.21

gt 3.2.* lt 3.2.16

gt 3.3.* lt 3.3.6

http://www.w3.org/1999/xhtml
CVE-2014-2554
c7b5d72b-886a-11e3-9533-60a44c524f57otrs -- multiple vulnerabilities

The OTRS Project reports:

SQL injection issue

An attacker that managed to take over the session of a logged in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.


Discovery 2014-01-28
Entry 2014-01-28
Modified 2014-02-06
otrs
< 3.1.19

gt 3.2.* lt 3.2.14

gt 3.3.* lt 3.3.4

CVE-2014-1471
https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
70b72a52-9e54-11e3-babe-60a44c524f57otrs -- XSS Issue

The OTRS Project reports:

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed.


Discovery 2014-02-25
Entry 2014-02-25
otrs
< 3.1.20

gt 3.2.* lt 3.2.15

gt 3.3.* lt 3.3.5

https://www.otrs.com/security-advisory-2014-03-xss-issue/
CVE-2014-1695
e3e788aa-e9fd-11e2-a96e-60a44c524f57otrs -- Sql Injection + Xss Issue

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.


Discovery 2013-07-09
Entry 2013-07-11
otrs
< 3.2.9

CVE-2013-4717
CVE-2013-4718
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/
8b97d289-d8cf-11e2-a1f5-60a44c524f57otrs -- information disclosure

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the ticket watch mechanism to see contents of tickets they are not permitted to see.


Discovery 2013-06-18
Entry 2013-06-19
otrs
< 3.2.8

CVE-2013-4088
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-04/
cebd05d6-ed7b-11e7-95f2-005056925db4OTRS -- Multiple vulnerabilities

OTRS reports:

An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user.

An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal article information of their customer tickets.

An attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user.

An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session.


Discovery 2017-11-21
Entry 2017-12-30
otrs
< 5.0.26

CVE-2017-16664
CVE-2017-16854
CVE-2017-16921
ports/224729
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
a5b24a6b-c37c-11e2-addb-60a44c524f57otrs -- information disclosure

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.


Discovery 2013-05-22
Entry 2013-05-23
otrs
< 3.2.7

CVE-2013-3551
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-03/