Shodan
Vulnerabilities
Vulnerable Software
Bestpractical:  >> Rt  >> 3.8.15  Security Vulnerabilities
CVE-2013-3368
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
CVSS Score
3.3
EPSS Score
0.001
Published
2013-08-23
CVE-2013-3369
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.006
Published
2013-08-23
CVE-2013-3370
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
CVSS Score
6.8
EPSS Score
0.011
Published
2013-08-23
CVE-2013-3371
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
CVSS Score
4.3
EPSS Score
0.004
Published
2013-08-23
CVE-2013-3372
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2013-08-23
CVE-2013-3373
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-08-23
CVE-2013-3374
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
CVSS Score
4.3
EPSS Score
0.006
Published
2013-08-23
CVE-2012-2769
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-08-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved