Download
| Alert*
oval:org.secpod.oval:def:601420
request-tracker3.8 is installed oval:org.secpod.oval:def:600908 Several vulnerabilities were discovered in Request Tracker, an issue tracking system. CVE-2012-4730 Authenticated users can add arbitrary headers or content to mail generated by RT. CVE-2012-4732 A CSRF vulnerability may allow attackers to toggle ticket bookmarks. CVE-2012-4734 If users follow a cra ... oval:org.secpod.oval:def:600543 Several vulnerabilities were in Request Tracker, an issue tracking system. CVE-2011-1685 If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possible triggered by a cross-site request forgery at ... oval:org.secpod.oval:def:601016 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-3368 The rt command line tool uses semi-predictable temporary files. A malicious user can use t ... oval:org.secpod.oval:def:600816 It was discovered that the recent request-tracker3.8 update, DSA-2480-1, introduced a regression which caused outgoing mail to fail when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" ... oval:org.secpod.oval:def:600889 The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2, and DSA-2480-3, contained minor regressions. Namely: * The calendar popup page in Internet Explorer would be blocked by the CSRF protection mechanism. * Search results pages could not be shared without saving, sharing, and then loa ... oval:org.secpod.oval:def:600826 The recent security updates for request-tracker3.8, DSA-2480-1 and DSA-2480-2, contained another regression when running under mod_perl. Please note that if you run request-tracker3.8 under the Apache web server, you must stop and start Apache manually. The "restart" mechanism is not recom ... oval:org.secpod.oval:def:600815 Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have been discovered. CVE-2011- ... |