SiT! Support Incident Tracker version 3.64 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
f96224a116d5b9a0cf199fe7824da18754178ae86a55d1412935c259aa11d26e
Zoho BugTracker suffers from multiple stored cross site scripting vulnerabilities.
5f84abf0fd32b20d83731d75e8fa472c4d86148ea3ded99941f4e9ec38a9a318
Debian Linux Security Advisory 2480-3 - The recent security updates for request-tracker3.8, DSA-2480-1 and DSA-2480-2, contained another regression when running under mod_perl.
9ce17132ccbefeabfb6b516fe846fb3bf5d8c67604754ef8f937f83628472a89
Debian Linux Security Advisory 2480-2 - It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl.
e07b2f00d518d311c1eeb0eea530260835e3164ea995c4f29764a08ebe15c712
Secunia Security Advisory - Debian has issued an update for request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, and compromise a vulnerable system.
239897c56ebc22b5d44a1b1e9fb213c1589f2c4216471e4f440ee9ec7dc0d4a6
Debian Linux Security Advisory 2480-1 - Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
4d0921714e92a3caf9ffbb786ca18511edabedc064e7f7072f96aa34077367e0
Secunia Security Advisory - Two vulnerabilities have been discovered in RivetTracker, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
ba094eb7d07f2e24dba29c7ad9b63c7d425928f7d175522ca8d4ffa2a787f5ab
Rivettracker versions 1.03 and below suffer from multiple remote SQL injection vulnerabilities.
bf5cb5d1b2aa0f3104dcfb78bf15da96dca749daeda9bd4579d186571746613f
SiT! Support Incident Tracker version 3.64 suffers from cross site scripting, cross site request forgery and remote SQL injection vulnerabilities.
555182c560b0b38786cf6e490054714bb220159a57b8b0956fa30f34d0a07b73
Tracker Software pdfSaver ActiveX control (pdfxctrl.dll) version 3.60.0128 suffers from a stack buffer overflow vulnerability.
1f74a1a4ce723616f317b2c385cfb28c0333209fe68e3f334202488fee4929f5
Remote code execution exploit for Support Incident Tracker versions 3.65 and below that leverages translate.php.
7ffa1156de49d88784954d7cb69a66baecd33c27f096acddfdbe8fc423368721
This Metasploit module combines two separate issues within Support Incident Tracker versions 3.65 and below to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload directory used to store attachments. The second vulnerability allows arbitrary file upload because no validation function restricts the file types that can be uploaded. Authentication is required to exploit both vulnerabilities.
dbc7a2ae369700f4243579f8576c1fb42786b65ea5a9ec60c838072b7d4ea678
Secunia Security Advisory - Secunia Research has discovered a weakness and multiple vulnerabilities in Support Incident Tracker, which can be exploited by malicious users to disclose sensitive information, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
10fe08a5f4a38cafa63bf94902bdc8390b2b4f4dcdf6fa7a5abc940ed6f6ba40
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Support Incident Tracker, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks.
3b8dd8ab80165a42af8f604d027a696a7edb098be64e7931a85fab1f93ef6eb3
Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in Support Incident Tracker, which can be exploited by malicious people to conduct cross-site scripting attacks.
703eeea2098a3b559476f109f186019a4191ceb0cda709e5ccfa2e2e750764db
WordPress Crawl Rate Tracker plugin versions 2.0.2 and below suffer from a remote SQL injection vulnerability.
8dde43120d85fe125c1bbad3ee9442c751cbbee7ff36be8d569ac676e136a70a
Network Tracker version 0.95 suffers from a cross site scripting vulnerability.
55428001d31703e91972afbaa8ee75333d7092017719bc72a0cd08efdca16078
Secunia Security Advisory - Yuri Goltsev has discovered two vulnerabilities in Support Incident Tracker, which can be exploited by malicious users to conduct SQL injection attacks.
7d5341d2a1daa69ccad7e316a0436d19c355e0401c3cd504b0103e15249e089e
Support Incident Tracker versions 3.63p1 and below suffer from remote SQL injection vulnerabilities.
d4a6bc7e2ac349f7d736bc6594644fbdd8e54b6274d0fda98363192261310ca1
Secunia Security Advisory - Some vulnerabilities with unknown impacts have been reported in Support Incident Tracker.
2c1520fe02fa528c2a8f292dd9f4d58b91571635e17574255c731b2ed971d8c3
Secunia Security Advisory - Secunia Research has discovered a security issue in NNT Change Tracker and Remote Angel, which can be exploited by malicious, local users to gain escalated privileges.
015a7fb682705d0816da847b19abc46ac8a6233e948b42e2d1dbcb6642f06c86
Red Hat Security Advisory 2011-0857-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
afd4e81a2dd219864c346af58a66fae5a0fae7090eba420dd5e3b78ed53286c9
Red Hat Security Advisory 2011-0856-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted applet or application. It was found that the MediaTracker implementation created Component instances with unnecessary access privileges. A remote attacker could use this flaw to elevate their privileges by utilizing an untrusted applet or application that uses Swing. Various other issues were also addressed.
8a1c7e56402963170d1f3c42e5ff1376f2c517a2432f75d3a4f6714cd83cad69
NNT Change Tracker Enterprise version 4.7 suffers from a weak encryption vulnerability.
bb9cfa0dea1ecbb9aaa1f7f61253d99bceada83c9b55f2a9d67b79ffc1f7d419
Debian Linux Security Advisory 2226-1 - M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for processing S3M tracker files in the Modplug tracker music library, which may result in the execution of arbitrary code.
023f4c3e1f5ae24e46ffdffd22372a8260f34728a5f7bee9289c67f0e4ed5694
Secunia Security Advisory - Debian has issued an update for request-tracker3.6 and request-tracker3.8. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, cross-site scripting attacks, and disclose potentially sensitive information and by malicious users to disclose potentially sensitive information, conduct SQL injection attacks, and compromise a vulnerable system.
9c1fd7023aa4128e93da0511c2e25fafe224a063527ef7fabf9a58e771b12832