Shodan
Vulnerabilities
Vulnerable Software
Bestpractical:  >> Request Tracker  >> 3.6.10  Security Vulnerabilities
CVE-2023-41259
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2023-41260
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-11-03
CVE-2022-25802
Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-07-14
CVE-2022-25803
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-07-14
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-09-03
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-08-14
CVE-2015-1464
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
CVSS Score
6.4
EPSS Score
0.003
Published
2015-03-09
CVE-2014-9472
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
CVSS Score
7.1
EPSS Score
0.009
Published
2015-03-09
CVE-2013-3525
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVSS Score
7.5
EPSS Score
0.028
Published
2013-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved