| Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-6579 | 6.4 |
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability)
|
26-07-2013 - 04:00 | 24-07-2013 - 12:01 | |
| CVE-2012-6578 | 4.3 |
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of
|
24-07-2013 - 12:01 | 24-07-2013 - 12:01 | |
| CVE-2012-6580 | 4.3 |
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's ori
|
24-07-2013 - 12:01 | 24-07-2013 - 12:01 | |
| CVE-2012-6581 | 4.3 |
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitra
|
24-07-2013 - 12:01 | 24-07-2013 - 12:01 | |
| CVE-2012-4732 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket
|
02-03-2013 - 04:46 | 11-11-2012 - 13:00 | |
| CVE-2012-4734 | 5.0 |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to
|
02-03-2013 - 04:46 | 11-11-2012 - 13:00 | |
| CVE-2012-4731 | 4.0 |
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
|
28-12-2012 - 05:00 | 11-11-2012 - 13:00 | |
| CVE-2012-4884 | 5.0 |
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
|
15-11-2012 - 05:00 | 11-11-2012 - 13:00 | |
| CVE-2012-4730 | 3.5 |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vecto
|
12-11-2012 - 05:00 | 11-11-2012 - 13:00 |