Vulnerabilities related to sitracker - support_incident_tracker
CVE-2011-3832 (GCVE-0-2011-3832)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
References
http://www.securityfocus.com/bid/50632 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/77002 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/45453 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71236 (vdb-entry, x_refsource_XF)
http://secunia.com/secunia_research/2011-78/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50632"
          },
          {
            "name": "77002",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77002"
          },
          {
            "name": "45453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45453"
          },
          {
            "name": "sit-config-code-execution(71236)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-78/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "50632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50632"
        },
        {
          "name": "77002",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77002"
        },
        {
          "name": "45453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45453"
        },
        {
          "name": "sit-config-code-execution(71236)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-78/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3832",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50632"
            },
            {
              "name": "77002",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77002"
            },
            {
              "name": "45453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45453"
            },
            {
              "name": "sit-config-code-execution(71236)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-78/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-78/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3832",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5069 (GCVE-0-2011-5069)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-07 00:23
Severity ?
CWE
  • n/a
Summary
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/71651 (vdb-entry, x_refsource_XF)
http://www.kb.cert.org/vuls/id/576355 (third-party-advisory, x_refsource_CERT-VN)
http://secunia.com/advisories/45437 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/50896 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/77653 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sit-multiple-file-upload(71651)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
          },
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          },
          {
            "name": "45437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45437"
          },
          {
            "name": "50896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50896"
          },
          {
            "name": "77653",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77653"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sit-multiple-file-upload(71651)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
        },
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        },
        {
          "name": "45437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45437"
        },
        {
          "name": "50896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50896"
        },
        {
          "name": "77653",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77653"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5069",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a different program than CVE-2011-3833."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sit-multiple-file-upload(71651)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
            },
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            },
            {
              "name": "45437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45437"
            },
            {
              "name": "50896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50896"
            },
            {
              "name": "77653",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77653"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5069",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2012-01-28T00:00:00",
    "dateUpdated": "2024-08-07T00:23:39.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5635 (GCVE-0-2007-5635)
Vulnerability from cvelistv5
Published
2007-10-23 17:00
Modified
2024-08-07 15:39
Severity ?
CWE
  • n/a
Summary
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
References
http://www.securityfocus.com/bid/26151 (vdb-entry, x_refsource_BID)
http://sourceforge.net/project/shownotes.php?release_id=547027 (x_refsource_CONFIRM)
http://secunia.com/advisories/27226 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26151",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26151"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=547027"
          },
          {
            "name": "27226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27226"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-10-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26151",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26151"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=547027"
        },
        {
          "name": "27226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27226"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26151",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26151"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=547027",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=547027"
            },
            {
              "name": "27226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27226"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5635",
    "datePublished": "2007-10-23T17:00:00",
    "dateReserved": "2007-10-23T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2235 (GCVE-0-2012-2235)
Vulnerability from cvelistv5
Published
2012-05-27 19:00
Modified
2024-09-16 18:39
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-05-27T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2235",
    "datePublished": "2012-05-27T19:00:00Z",
    "dateReserved": "2012-04-13T00:00:00Z",
    "dateUpdated": "2024-09-16T18:39:32.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20220 (GCVE-0-2019-20220)
Vulnerability from cvelistv5
Published
2020-01-02 04:30
Modified
2024-08-05 02:39
Severity ?
CWE
  • n/a
Summary
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-02T04:30:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20220",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html",
              "refsource": "MISC",
              "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20220",
    "datePublished": "2020-01-02T04:30:24",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1596 (GCVE-0-2010-1596)
Vulnerability from cvelistv5
Published
2010-04-28 23:00
Modified
2024-08-07 01:28
Severity ?
CWE
  • n/a
Summary
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:43.100Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37949",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/wiki/ReleaseNotes351"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292"
          },
          {
            "name": "supportincident-ldap-security-bypass(55871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55871"
          },
          {
            "name": "61945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61945"
          },
          {
            "name": "38329",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38329"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.sitracker.org/view.php?id=1047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37949",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/wiki/ReleaseNotes351"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292"
        },
        {
          "name": "supportincident-ldap-security-bypass(55871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55871"
        },
        {
          "name": "61945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61945"
        },
        {
          "name": "38329",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38329"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.sitracker.org/view.php?id=1047"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1596",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37949",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37949"
            },
            {
              "name": "http://sitracker.org/wiki/ReleaseNotes351",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/wiki/ReleaseNotes351"
            },
            {
              "name": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292"
            },
            {
              "name": "supportincident-ldap-security-bypass(55871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55871"
            },
            {
              "name": "61945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61945"
            },
            {
              "name": "38329",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38329"
            },
            {
              "name": "http://bugs.sitracker.org/view.php?id=1047",
              "refsource": "CONFIRM",
              "url": "http://bugs.sitracker.org/view.php?id=1047"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1596",
    "datePublished": "2010-04-28T23:00:00",
    "dateReserved": "2010-04-28T00:00:00",
    "dateUpdated": "2024-08-07T01:28:43.100Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3830 (GCVE-0-2011-3830)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
References
http://www.securityfocus.com/bid/50632 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71234 (vdb-entry, x_refsource_XF)
http://secunia.com/secunia_research/2011-76/ (x_refsource_MISC)
http://secunia.com/advisories/45453 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/77000 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50632"
          },
          {
            "name": "sit-search-xss(71234)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-76/"
          },
          {
            "name": "45453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45453"
          },
          {
            "name": "77000",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77000"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "50632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50632"
        },
        {
          "name": "sit-search-xss(71234)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-76/"
        },
        {
          "name": "45453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45453"
        },
        {
          "name": "77000",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77000"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3830",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50632"
            },
            {
              "name": "sit-search-xss(71234)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-76/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-76/"
            },
            {
              "name": "45453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45453"
            },
            {
              "name": "77000",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77000"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3830",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5070 (GCVE-0-2011-5070)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-07 00:23
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/71652 (vdb-entry, x_refsource_XF)
http://www.kb.cert.org/vuls/id/576355 (third-party-advisory, x_refsource_CERT-VN)
http://secunia.com/advisories/45437 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/50896 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/77655 (vdb-entry, x_refsource_OSVDB)
http://www.osvdb.org/77654 (vdb-entry, x_refsource_OSVDB)
http://www.osvdb.org/77656 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sit-multiple-xss(71652)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71652"
          },
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          },
          {
            "name": "45437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45437"
          },
          {
            "name": "50896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50896"
          },
          {
            "name": "77655",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77655"
          },
          {
            "name": "77654",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77654"
          },
          {
            "name": "77656",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sit-multiple-xss(71652)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71652"
        },
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        },
        {
          "name": "45437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45437"
        },
        {
          "name": "50896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50896"
        },
        {
          "name": "77655",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77655"
        },
        {
          "name": "77654",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77654"
        },
        {
          "name": "77656",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77656"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5070",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sit-multiple-xss(71652)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71652"
            },
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            },
            {
              "name": "45437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45437"
            },
            {
              "name": "50896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50896"
            },
            {
              "name": "77655",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77655"
            },
            {
              "name": "77654",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77654"
            },
            {
              "name": "77656",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77656"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5070",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2012-01-28T00:00:00",
    "dateUpdated": "2024-08-07T00:23:39.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20222 (GCVE-0-2019-20222)
Vulnerability from cvelistv5
Published
2020-01-02 04:30
Modified
2024-08-05 02:39
Severity ?
CWE
  • n/a
Summary
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-02T04:30:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html",
              "refsource": "MISC",
              "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20222",
    "datePublished": "2020-01-02T04:30:02",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5075 (GCVE-0-2011-5075)
Vulnerability from cvelistv5
Published
2012-01-29 11:00
Modified
2024-09-17 00:31
Severity ?
CWE
  • n/a
Summary
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
References
http://bugs.sitracker.org/view.php?id=1737 (x_refsource_CONFIRM)
http://www.exploit-db.com/exploits/18132/ (exploit, x_refsource_EXPLOIT-DB)
http://www.openwall.com/lists/oss-security/2011/11/22/3 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/archive/1/520577 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.sitracker.org/view.php?id=1737"
          },
          {
            "name": "18132",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18132/"
          },
          {
            "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
          },
          {
            "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.sitracker.org/view.php?id=1737"
        },
        {
          "name": "18132",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18132/"
        },
        {
          "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
        },
        {
          "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/520577"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.sitracker.org/view.php?id=1737",
              "refsource": "CONFIRM",
              "url": "http://bugs.sitracker.org/view.php?id=1737"
            },
            {
              "name": "18132",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18132/"
            },
            {
              "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
            },
            {
              "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/520577"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5075",
    "datePublished": "2012-01-29T11:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-17T00:31:08.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5071 (GCVE-0-2011-5071)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-09-16 22:30
Severity ?
CWE
  • n/a
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
References
http://secunia.com/advisories/45437 (third-party-advisory, x_refsource_SECUNIA)
http://seclists.org/bugtraq/2011/Jul/174 (mailing-list, x_refsource_BUGTRAQ)
http://en.securitylab.ru/lab/PT-2011-25 (x_refsource_MISC)
http://secunia.com/advisories/45277 (third-party-advisory, x_refsource_SECUNIA)
http://sitracker.org/wiki/ReleaseNotes364 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:40.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45437"
          },
          {
            "name": "20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2011/Jul/174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://en.securitylab.ru/lab/PT-2011-25"
          },
          {
            "name": "45277",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45277"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/wiki/ReleaseNotes364"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "45437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45437"
        },
        {
          "name": "20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2011/Jul/174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://en.securitylab.ru/lab/PT-2011-25"
        },
        {
          "name": "45277",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45277"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/wiki/ReleaseNotes364"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5071",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45437"
            },
            {
              "name": "20110726 [PT-2011-25] SQL injection vulnerabilities in Support Incident Tracker",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2011/Jul/174"
            },
            {
              "name": "http://en.securitylab.ru/lab/PT-2011-25",
              "refsource": "MISC",
              "url": "http://en.securitylab.ru/lab/PT-2011-25"
            },
            {
              "name": "45277",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45277"
            },
            {
              "name": "http://sitracker.org/wiki/ReleaseNotes364",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/wiki/ReleaseNotes364"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5071",
    "datePublished": "2012-01-29T02:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-16T22:30:12.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20223 (GCVE-0-2019-20223)
Vulnerability from cvelistv5
Published
2020-01-02 04:29
Modified
2024-08-05 02:39
Severity ?
CWE
  • n/a
Summary
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-02T04:29:51",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html",
              "refsource": "MISC",
              "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20223",
    "datePublished": "2020-01-02T04:29:51",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20221 (GCVE-0-2019-20221)
Vulnerability from cvelistv5
Published
2020-01-02 04:30
Modified
2024-08-05 02:39
Severity ?
CWE
  • n/a
Summary
In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:09.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-02T04:30:12",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20221",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html",
              "refsource": "MISC",
              "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20221",
    "datePublished": "2020-01-02T04:30:12",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-05T02:39:09.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5072 (GCVE-0-2011-5072)
Vulnerability from cvelistv5
Published
2012-01-29 11:00
Modified
2024-09-17 01:30
Severity ?
CWE
  • n/a
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/wiki/ReleaseNotes365"
          },
          {
            "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519636"
          },
          {
            "name": "46019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46019"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/wiki/ReleaseNotes365"
        },
        {
          "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519636"
        },
        {
          "name": "46019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46019"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5072",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sitracker.org/wiki/ReleaseNotes365",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/wiki/ReleaseNotes365"
            },
            {
              "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519636"
            },
            {
              "name": "46019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46019"
            },
            {
              "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5072",
    "datePublished": "2012-01-29T11:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-17T01:30:51.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3829 (GCVE-0-2011-3829)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50632"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-75/"
          },
          {
            "name": "18108",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18108"
          },
          {
            "name": "45453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45453"
          },
          {
            "name": "76999",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/76999"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
          },
          {
            "name": "sit-ftpuploadfile-path-disclosure(71233)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "50632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50632"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-75/"
        },
        {
          "name": "18108",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18108"
        },
        {
          "name": "45453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45453"
        },
        {
          "name": "76999",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/76999"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
        },
        {
          "name": "sit-ftpuploadfile-path-disclosure(71233)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3829",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50632"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-75/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-75/"
            },
            {
              "name": "18108",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18108"
            },
            {
              "name": "45453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45453"
            },
            {
              "name": "76999",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/76999"
            },
            {
              "name": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
            },
            {
              "name": "sit-ftpuploadfile-path-disclosure(71233)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3829",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4337 (GCVE-0-2011-4337)
Vulnerability from cvelistv5
Published
2012-01-29 11:00
Modified
2024-09-17 02:27
Severity ?
CWE
  • n/a
Summary
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
References
http://bugs.sitracker.org/view.php?id=1737 (x_refsource_CONFIRM)
http://www.exploit-db.com/exploits/18132/ (exploit, x_refsource_EXPLOIT-DB)
http://www.openwall.com/lists/oss-security/2011/11/22/3 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/archive/1/520577 (mailing-list, x_refsource_BUGTRAQ)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:51.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.sitracker.org/view.php?id=1737"
          },
          {
            "name": "18132",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18132/"
          },
          {
            "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
          },
          {
            "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/520577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T11:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.sitracker.org/view.php?id=1737"
        },
        {
          "name": "18132",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18132/"
        },
        {
          "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
        },
        {
          "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/520577"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.sitracker.org/view.php?id=1737",
              "refsource": "CONFIRM",
              "url": "http://bugs.sitracker.org/view.php?id=1737"
            },
            {
              "name": "18132",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18132/"
            },
            {
              "name": "[oss-security] 20111121 Re: Fwd: Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
            },
            {
              "name": "20111119 Support Incident Tracker \u003c= 3.65 (translate.php) Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/520577"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4337",
    "datePublished": "2012-01-29T11:00:00Z",
    "dateReserved": "2011-11-04T00:00:00Z",
    "dateUpdated": "2024-09-17T02:27:02.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5068 (GCVE-0-2011-5068)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-07 00:23
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
References
http://www.kb.cert.org/vuls/id/576355 (third-party-advisory, x_refsource_CERT-VN)
http://secunia.com/advisories/45437 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/50896 (vdb-entry, x_refsource_BID)
http://osvdb.org/show/osvdb/77657 (vdb-entry, x_refsource_OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71653 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          },
          {
            "name": "45437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45437"
          },
          {
            "name": "50896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50896"
          },
          {
            "name": "77657",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/77657"
          },
          {
            "name": "sit-multiple-csrf(71653)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71653"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        },
        {
          "name": "45437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45437"
        },
        {
          "name": "50896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50896"
        },
        {
          "name": "77657",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/77657"
        },
        {
          "name": "sit-multiple-csrf(71653)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71653"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5068",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            },
            {
              "name": "45437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45437"
            },
            {
              "name": "50896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50896"
            },
            {
              "name": "77657",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/77657"
            },
            {
              "name": "sit-multiple-csrf(71653)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71653"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5068",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2012-01-28T00:00:00",
    "dateUpdated": "2024-08-07T00:23:39.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5067 (GCVE-0-2011-5067)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-09-17 02:07
Severity ?
CWE
  • n/a
Summary
move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
References
http://www.kb.cert.org/vuls/id/576355 (third-party-advisory, x_refsource_CERT-VN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5067",
    "datePublished": "2012-01-29T02:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-17T02:07:11.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5073 (GCVE-0-2011-5073)
Vulnerability from cvelistv5
Published
2012-01-29 11:00
Modified
2024-09-17 04:03
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/wiki/ReleaseNotes365"
          },
          {
            "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519636"
          },
          {
            "name": "46019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46019"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/wiki/ReleaseNotes365"
        },
        {
          "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519636"
        },
        {
          "name": "46019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46019"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5073",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sitracker.org/wiki/ReleaseNotes365",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/wiki/ReleaseNotes365"
            },
            {
              "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519636"
            },
            {
              "name": "46019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46019"
            },
            {
              "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5073",
    "datePublished": "2012-01-29T11:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-17T04:03:57.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3831 (GCVE-0-2011-3831)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
References
http://www.securityfocus.com/bid/50632 (vdb-entry, x_refsource_BID)
http://www.kb.cert.org/vuls/id/576355 (third-party-advisory, x_refsource_CERT-VN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/71235 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/45453 (third-party-advisory, x_refsource_SECUNIA)
http://www.osvdb.org/77001 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/secunia_research/2011-77/ (x_refsource_MISC)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50632"
          },
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          },
          {
            "name": "sit-incidentattachments-sql-injection(71235)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71235"
          },
          {
            "name": "45453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45453"
          },
          {
            "name": "77001",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77001"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-77/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "50632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50632"
        },
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        },
        {
          "name": "sit-incidentattachments-sql-injection(71235)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71235"
        },
        {
          "name": "45453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45453"
        },
        {
          "name": "77001",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77001"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-77/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3831",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50632"
            },
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            },
            {
              "name": "sit-incidentattachments-sql-injection(71235)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71235"
            },
            {
              "name": "45453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45453"
            },
            {
              "name": "77001",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77001"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-77/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-77/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3831",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-5074 (GCVE-0-2011-5074)
Vulnerability from cvelistv5
Published
2012-01-29 11:00
Modified
2024-09-17 01:06
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:40.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sitracker.org/wiki/ReleaseNotes365"
          },
          {
            "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/519636"
          },
          {
            "name": "46019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46019"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-01-29T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sitracker.org/wiki/ReleaseNotes365"
        },
        {
          "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/519636"
        },
        {
          "name": "46019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46019"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-5074",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sitracker.org/wiki/ReleaseNotes365",
              "refsource": "CONFIRM",
              "url": "http://sitracker.org/wiki/ReleaseNotes365"
            },
            {
              "name": "20110914 Multiple vulnerabilities in SiT! Support Incident Tracker",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/519636"
            },
            {
              "name": "46019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46019"
            },
            {
              "name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html",
              "refsource": "MISC",
              "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-5074",
    "datePublished": "2012-01-29T11:00:00Z",
    "dateReserved": "2012-01-28T00:00:00Z",
    "dateUpdated": "2024-09-17T01:06:39.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-3833 (GCVE-0-2011-3833)
Vulnerability from cvelistv5
Published
2012-01-29 02:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/71651 — vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/50632 — vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/576355 — third-party-advisory, x_refsource_CERT-VN
http://secunia.com/secunia_research/2011-79/ — x_refsource_MISC
http://www.securityfocus.com/bid/50896 — vdb-entry, x_refsource_BID
http://www.exploit-db.com/exploits/18108 — exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/45453 — third-party-advisory, x_refsource_SECUNIA
http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt — x_refsource_MISC
http://www.osvdb.org/77003 — vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/71237 — vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sit-multiple-file-upload(71651)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
          },
          {
            "name": "50632",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50632"
          },
          {
            "name": "VU#576355",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576355"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-79/"
          },
          {
            "name": "50896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/50896"
          },
          {
            "name": "18108",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18108"
          },
          {
            "name": "45453",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45453"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
          },
          {
            "name": "77003",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/77003"
          },
          {
            "name": "sit-ftpuploadfile-file-upload(71237)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "sit-multiple-file-upload(71651)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
        },
        {
          "name": "50632",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50632"
        },
        {
          "name": "VU#576355",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576355"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-79/"
        },
        {
          "name": "50896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/50896"
        },
        {
          "name": "18108",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18108"
        },
        {
          "name": "45453",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45453"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
        },
        {
          "name": "77003",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/77003"
        },
        {
          "name": "sit-ftpuploadfile-file-upload(71237)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2011-3833",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sit-multiple-file-upload(71651)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
            },
            {
              "name": "50632",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50632"
            },
            {
              "name": "VU#576355",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576355"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-79/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-79/"
            },
            {
              "name": "50896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/50896"
            },
            {
              "name": "18108",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18108"
            },
            {
              "name": "45453",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45453"
            },
            {
              "name": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
            },
            {
              "name": "77003",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/77003"
            },
            {
              "name": "sit-ftpuploadfile-file-upload(71237)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2011-3833",
    "datePublished": "2012-01-29T02:00:00",
    "dateReserved": "2011-09-26T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.67



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS."
    },
    {
      "lang": "es",
      "value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, las entradas Short Application Name y Application Name en la p\u00e1gina config.php est\u00e1n afectadas por una vulnerabilidad de tipo XSS."
    }
  ],
  "id": "CVE-2019-20222",
  "lastModified": "2024-11-21T04:38:14.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-02T14:16:36.923",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-short.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity ?
Summary
ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
    },
    {
      "lang": "es",
      "value": "ftp_upload_file.php en Support Incident Tracker v3.65 permite obtener informaci\u00f3n sensible a trav\u00e9s del nombre del archivo a usuarios remotos autenticados para. De esta manera se revela la ruta de instalaci\u00f3n en un mensaje de error."
    }
  ],
  "id": "CVE-2011-3829",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.343",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-75/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18108"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/76999"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-75/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/76999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-27 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
Impacted products
Vendor Product Version
sitracker support_incident_tracker *
sitracker support_incident_tracker 1.8.00
sitracker support_incident_tracker 2.8.00
sitracker support_incident_tracker 3.00
sitracker support_incident_tracker 3.00
sitracker support_incident_tracker 3.00
sitracker support_incident_tracker 3.00
sitracker support_incident_tracker 3.01
sitracker support_incident_tracker 3.02
sitracker support_incident_tracker 3.03
sitracker support_incident_tracker 3.03a
sitracker support_incident_tracker 3.04a
sitracker support_incident_tracker 3.05
sitracker support_incident_tracker 3.6
sitracker support_incident_tracker 3.06
sitracker support_incident_tracker 3.07
sitracker support_incident_tracker 3.45
sitracker support_incident_tracker 3.45
sitracker support_incident_tracker 3.50
sitracker support_incident_tracker 3.50
sitracker support_incident_tracker 3.51
sitracker support_incident_tracker 3.60
sitracker support_incident_tracker 3.61
sitracker support_incident_tracker 3.62
sitracker support_incident_tracker 3.63
sitracker support_incident_tracker 3.63
sitracker support_incident_tracker 3.64
sitracker support_incident_tracker 4.8.00
sitracker support_incident_tracker 7.8.00
sitracker support_incident_tracker 8.8.00
sitracker support_incident_tracker 9.8.00
sitracker support_incident_tracker 10.8.00
sitracker support_incident_tracker 11.8.00
sitracker support_incident_tracker 14.8.00
sitracker support_incident_tracker 16.8.00
sitracker support_incident_tracker 17.8.00
sitracker support_incident_tracker 18.8.00
sitracker support_incident_tracker 21.8.00
sitracker support_incident_tracker 31.07.00



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D637BA4-17F7-45A1-9173-1D7A05E5C619",
              "versionEndIncluding": "3.65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:1.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D641D2-158D-4570-B2E4-FFCF63A942DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:2.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0D1949-AB42-462D-A348-F9CDCDCFF9C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA68017-3E7C-4393-86F6-8E42EB0F3549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F04128DD-1BBB-47B0-8CAC-8DBDFE647046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6F228481-19D5-4E98-933F-5D1C5CC20008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A085965-4106-40BB-9374-374986E88AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA97C93-F0DA-43DA-8BA2-706A1E541D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "194634B9-5EBF-4365-ADFB-BD56D6DBA827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "93CE290D-A031-40BB-AB85-9911C0F438FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2CF1C2-DBCE-416A-9C0F-DC19BF7161F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.04a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08CC85C-7D41-493D-BC81-A898EDE83B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0AD14E-31D8-4DA2-94D2-D7C3BFCE3396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2273ED90-763F-45BD-81B2-E20B5A011DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4807E76-3324-480C-BF17-85B5C94ED70B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:4.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AA74BB-D481-46E1-A609-C15DDA6958F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:7.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9300ECD3-C10E-49D3-8E37-4850635B3290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:8.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "94C93EEC-EEF2-416A-97ED-EAEBBFB883C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:9.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1CB1EB-9BA8-445C-A322-741461CD4D45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:10.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "38294648-4298-48EE-9331-50585A97C6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:11.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4ED869A-4880-4D99-9138-429D07DF778C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:14.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5A892B-8A11-4E5B-B5A2-837FC7295B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:16.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0DCD82-24F9-4212-8AD6-340726E26C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:17.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB2AF8C-B1AC-4164-A389-EC8F1493FE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:18.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D4DABA-CDA4-4742-AD39-F48590D8A7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:21.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6771A58-D40C-456B-BF6A-282E8CF291FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:31.07.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396853A-7D77-44E2-9C51-E6FD65843871",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Support Incident Tracker (SiT!) v3.65 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro id de index.php, que no se maneja adecuadamente, en un mensaje de error."
    }
  ],
  "id": "CVE-2012-2235",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-27T19:55:01.140",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
In Support Incident Tracker (SiT!) 3.67, the Load Plugins input on the config.php page is affected by XSS. The injected payload is executed, for example, on the about.php page.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.67



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page."
    },
    {
      "lang": "es",
      "value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, la entrada Load Plugins en la p\u00e1gina config.php esta afectada por una vulnerabilidad de tipo XSS. La carga \u00fatil de XSS es ejecutada, por ejemplo, en la p\u00e1gina about.php"
    }
  ],
  "id": "CVE-2019-20221",
  "lastModified": "2024-11-21T04:38:14.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-02T14:16:36.863",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in-plugin.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 11:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
              "versionEndIncluding": "3.64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el Support Incident Tracker (SIT) antes de v3.65 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro \u0027mode\u0027 a contact_support.php, (2) el par\u00e1metro contractid a contract_add_service.php, (3) el par\u00e1metro \u0027user\u0027 a edit_backup_users.php, (4) el par\u00e1metro \u0027id\u0027 a edit_escalation_path.php; el Referer a (5) forgotpwd.php, (6) una acci\u00f3n approvalpage a billable_incidents.php o (7) transactions.php; (8) el par\u00e1metro \u0027action\u0027 para inbox.php; (9) el par\u00e1metro search_string en una acci\u00f3n findcontact a incident_add.php; el par\u00e1metro table1 a (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, o (13) report_marketing.php, o el par\u00e1metro (14) startdate o (15) enddate a report_incidents_by_vendor.php."
    }
  ],
  "id": "CVE-2011-5073",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-29T11:55:02.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.0, AV:N/AC:M/Au:S/C:P/I:P/A:P)
Summary
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.
References
PSIRT-CNA@flexerasoftware.com | http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt | Exploit
PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/45453 | Vendor Advisory
PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2011-79/ | Vendor Advisory
PSIRT-CNA@flexerasoftware.com | http://www.exploit-db.com/exploits/18108 | Exploit
PSIRT-CNA@flexerasoftware.com | http://www.kb.cert.org/vuls/id/576355 | US Government Resource
PSIRT-CNA@flexerasoftware.com | http://www.osvdb.org/77003
PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/50632 | Exploit
PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/50896 | Exploit
PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/71237
PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/71651
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/45453 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2011-79/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/18108 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/576355 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/77003
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50632 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50896 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71237
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/71651
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de subida de archivos sin restricciones en ftp_upload_file.php en Support Incident Tracker (SIT!) v3.65 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante la subida de un archivo PHP, para luego acceder a \u00e9l a trav\u00e9s de una solicitud directa al archivo en un directorio no especificado."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n\u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027",
  "id": "CVE-2011-3833",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.593",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-79/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18108"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/77003"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-79/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via user_delete.php and other unspecified programs."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades de falsificaci\u00f3n de solicitudes en sitios cruzados(CSRF) en el Support Incident Tracker (tambi\u00e9n cnocido como SIT!) v3.65 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuario para las solicitudes de eliminaci\u00f3n de un usuario a trav\u00e9s de user_delete.php y otros programas no especificados."
    }
  ],
  "id": "CVE-2011-5068",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-29T04:04:44.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/show/osvdb/77657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/show/osvdb/77657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71653"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
              "versionEndIncluding": "3.64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el Support Incident Tracker (SIT) antes de v3.65 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de (1) el par\u00e1metro start a portal/kb.php, (2) el par\u00e1metro contractid a contract_add_service.php, (3) el par\u00e1metro \u0027id\u0027 a edit_escalation_path.php, los par\u00e1metros (4) unlock (5), lock o (6) selected a holding_queue.php, el par\u00e1metro \u0027inc\u0027 en una acci\u00f3n \u0027report\u0027 a (7) report_incidents_by_site.php o (8) report_customers.php; (9) el par\u00e1metro \u0027start\u0027 a search.php, o (10) el par\u00e1metro sites a transactions.php."
    }
  ],
  "id": "CVE-2011-5072",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T11:55:02.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en translate.php en el Support Incident Tracker (tambi\u00e9n conocido como SIT!) v3.45 a v3.65 permite a atacantes remotos inyectar c\u00f3digo PHP de su elecci\u00f3n en un archivo de idioma ejecutable en el directorio i18n a trav\u00e9s de la variable \u0027lang\u0027."
    }
  ],
  "id": "CVE-2011-4337",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T11:55:01.830",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.sitracker.org/view.php?id=1737"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18132/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/520577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.sitracker.org/view.php?id=1737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18132/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/520577"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity ?
Summary
move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
    },
    {
      "lang": "es",
      "value": "move_uploaded_file.php en Support Incident Tracker (SIT) v3.65 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s del nombre del archivo, lo cual revela la ruta de instalaci\u00f3n en un mensaje de error."
    }
  ],
  "id": "CVE-2011-5067",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-10-23 17:46
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
Impacted products
Vendor Product Version
sitracker support_incident_tracker *
sitracker support_incident_tracker 1.8.00
sitracker support_incident_tracker 2.8.00
sitracker support_incident_tracker 3.00
sitracker support_incident_tracker 3.00 beta1
sitracker support_incident_tracker 3.00 beta2
sitracker support_incident_tracker 3.00 beta3
sitracker support_incident_tracker 3.01
sitracker support_incident_tracker 3.02
sitracker support_incident_tracker 3.03
sitracker support_incident_tracker 3.03a
sitracker support_incident_tracker 3.04a
sitracker support_incident_tracker 3.05
sitracker support_incident_tracker 3.06
sitracker support_incident_tracker 3.07
sitracker support_incident_tracker 3.07.1
sitracker support_incident_tracker 3.07.2
sitracker support_incident_tracker 3.07.3
sitracker support_incident_tracker 3.08
sitracker support_incident_tracker 3.08.1
sitracker support_incident_tracker 3.09
sitracker support_incident_tracker 3.10
sitracker support_incident_tracker 3.11
sitracker support_incident_tracker 3.12
sitracker support_incident_tracker 3.14
sitracker support_incident_tracker 3.15
sitracker support_incident_tracker 3.16
sitracker support_incident_tracker 3.17
sitracker support_incident_tracker 3.18
sitracker support_incident_tracker 3.19
sitracker support_incident_tracker 3.20
sitracker support_incident_tracker 3.21
sitracker support_incident_tracker 3.22
sitracker support_incident_tracker 3.22pl1
sitracker support_incident_tracker 3.23
sitracker support_incident_tracker 3.24
sitracker support_incident_tracker 3.24
sitracker support_incident_tracker 10.8.00
sitracker support_incident_tracker 11.8.00
sitracker support_incident_tracker 14.8.00
sitracker support_incident_tracker 16.8.00
sitracker support_incident_tracker 17.8.00
sitracker support_incident_tracker 18.8.00
sitracker support_incident_tracker 21.8.00



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C7CE1C-D911-40A5-BE77-AE74A25D12B1",
              "versionEndIncluding": "3.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:1.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D641D2-158D-4570-B2E4-FFCF63A942DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:2.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0D1949-AB42-462D-A348-F9CDCDCFF9C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA68017-3E7C-4393-86F6-8E42EB0F3549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F04128DD-1BBB-47B0-8CAC-8DBDFE647046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6F228481-19D5-4E98-933F-5D1C5CC20008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.00:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A085965-4106-40BB-9374-374986E88AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA97C93-F0DA-43DA-8BA2-706A1E541D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "194634B9-5EBF-4365-ADFB-BD56D6DBA827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "93CE290D-A031-40BB-AB85-9911C0F438FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.03a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2CF1C2-DBCE-416A-9C0F-DC19BF7161F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.04a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08CC85C-7D41-493D-BC81-A898EDE83B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0AD14E-31D8-4DA2-94D2-D7C3BFCE3396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2273ED90-763F-45BD-81B2-E20B5A011DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4807E76-3324-480C-BF17-85B5C94ED70B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D522A5DE-D7D2-4CD4-B7D6-6B755519E912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF4AC591-4928-4421-A548-22D035787A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.07.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AA4F97-FDA8-4CFA-BE92-C623806B4A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C65EB3E-845C-4FD3-B6E9-0929171D57CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.08.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "1015EED1-30C8-4347-84C6-A357163BBC86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C21F7A-2687-4D2B-A70E-3EAF0DE22195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D19ED38-F333-4C38-B45B-FAD5F4EF9C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DD8CDB-FF21-4154-8A76-395933634634",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "148C8BE2-270B-4E51-916C-EAD40CE549AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3005328-AF78-44FD-B59D-AC953785025A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E1FB9B-E521-464E-8435-861035E6A5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A258DCC8-E72E-44B9-BAD1-511B421BC82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "797E3EB6-38BA-45CA-8593-4726D8CF608D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "45DD490B-6724-4B2C-BC96-93B82ECF3654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C78A070-939B-4B26-AE62-520DE4C59B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B4876D-D439-48BE-88B1-CD2560FDF1AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E4A98A90-3328-4EC1-9B24-075BECB77E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:10.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "38294648-4298-48EE-9331-50585A97C6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:11.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4ED869A-4880-4D99-9138-429D07DF778C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:14.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5A892B-8A11-4E5B-B5A2-837FC7295B47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:16.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0DCD82-24F9-4212-8AD6-340726E26C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:17.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB2AF8C-B1AC-4164-A389-EC8F1493FE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:18.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D4DABA-CDA4-4742-AD39-F48590D8A7C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:21.8.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6771A58-D40C-456B-BF6A-282E8CF291FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en Salford Software Support Incident Tracker (SiT!) anterior a 3.30 tienen un impacto desconocido y vectores de ataque."
    }
  ],
  "id": "CVE-2007-5635",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-23T17:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=547027"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=547027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26151"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P; NVD primary assessment)
Summary
Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n mediante Eval en config.php en Support Incident Tracker (SIT!) v3.65 permite a los administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metro application_name en una acci\u00f3n de guardar (save)."
    }
  ],
  "id": "CVE-2011-3832",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.533",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-78/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/77002"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-78/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71236"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; NVD primary assessment)
Summary
Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en search.php en Support Incident Tracker v3.65 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro search_string."
    }
  ],
  "id": "CVE-2011-3830",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-29T04:04:44.437",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-76/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/77000"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-76/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71234"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 11:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; NVD primary assessment)
Summary
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04580AF-8B83-4F0C-BD04-DCCA1BAB8F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path."
    },
    {
      "lang": "es",
      "value": "translate.php en Support Incident Tracker (Tambi\u00e9n conocido como SIT) v3.45 a v3.65 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud directa usando la acci\u00f3n de guardar (save), lo cual revela la ruta de instalaci\u00f3n."
    }
  ],
  "id": "CVE-2011-5075",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T11:55:02.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.sitracker.org/view.php?id=1737"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18132/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/520577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.sitracker.org/view.php?id=1737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18132/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/11/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/520577"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-28 23:30
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96DFFA05-9CEF-4983-82E5-74AAC2847485",
              "versionEndIncluding": "3.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password."
    },
    {
      "lang": "es",
      "value": "Support Incident Tracker anterior a v3.51, cuando se utiliza autenticaci\u00f3n LDAP con enlaces (binds) an\u00f3nimos, permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a vac\u00eda."
    }
  ],
  "id": "CVE-2010-1596",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-28T23:30:00.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.sitracker.org/view.php?id=1047"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61945"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38329"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sitracker.org/wiki/ReleaseNotes351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37949"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.sitracker.org/view.php?id=1047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sitracker.org/forum/viewtopic.php?f=4\u0026t=1416979\u0026p=2292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sitracker.org/wiki/ReleaseNotes351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55871"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 11:55
Modified
2025-04-11 00:51
Severity
6.8 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F5AE87A-44D1-4845-BA05-1E7BD8C44121",
              "versionEndIncluding": "3.64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E43ED2-A943-4D8C-AAD2-189647073814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to hijack the authentication of administrators for requests that change administrator email, add a new administrator, or insert arbitrary script via (1) user_profile_edit.php or (2) user_add.php."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades de falsificaci\u00f3n de solicitudes en sitios cruzados (CSRF) en Support Incident Tracker (tambi\u00e9n conocido como SiT!) antes de v3.65 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para realizar solicitudes de cambio de correo electr\u00f3nico del administrador, de agregaci\u00f3n de un nuevo administrador, o para insertar script de su elecci\u00f3n a trav\u00e9s de (1) user_profile_edit.php o (2) user_add.php."
    }
  ],
  "id": "CVE-2011-5074",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-29T11:55:02.593",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sitracker.org/wiki/ReleaseNotes365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/519636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.67



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Support Incident Tracker (SiT!) 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235."
    },
    {
      "lang": "es",
      "value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, el par\u00e1metro id est\u00e1 afectado por una vulnerabilidad de tipo XSS en todos los endpoints que utilizan este par\u00e1metro, un problema relacionado con CVE-2012-2235"
    }
  ],
  "id": "CVE-2019-20223",
  "lastModified": "2024-11-21T04:38:14.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-02T14:16:36.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-id.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity
7.5 (High) - CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CD3211-A443-4664-AF70-96A40A03D750",
              "versionEndIncluding": "3.63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48854537-091C-4350-A42E-8E6AA19A4C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C5F688E-5CF7-4D74-ACC6-A3310529FFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "26752759-E802-4CBC-9D73-2665A4AABF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.22pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A1A041-E0FC-41C2-A170-15A03C31FD5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2EECD19-D7EA-4C64-A722-F0C4285092BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0CDF97-86B3-4353-B7FE-8E524788E615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.24:beta-2:*:*:*:*:*:*",
              "matchCriteriaId": "0ECEEB33-FE66-48FF-8945-ACC6A51E8FE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EDE9CA-3535-4EFC-AF2B-101AAAA25D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.30:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "560B6249-9370-41BC-AC17-85E3964919CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "068E4B44-0486-45B7-9194-9AC224EF3714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "C845FDFC-03AD-4411-8E1B-C7CC975DBDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DCEAC2-620C-4D5E-8B2B-E9D86A6DE9E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8376FA-2673-4E32-9243-8B9F4D88213B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.35:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "1BD96791-2932-427C-97AC-423D1908BE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D186C4D-695B-44CD-95AD-51D53C611228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "37E94F89-16DC-42B1-BD43-D51D7D7C5790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.40:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C890346E-9282-4452-9965-34D2D07A60DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "19750A35-2A26-40B7-B4D7-63E5D6775C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "65028034-D504-49CF-A62B-827A7F86733E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.45:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9E4CD2D0-66BF-4E95-B3AE-7598902B2C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163711F-8830-471A-A9AE-C4B90DB1BC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.50:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "CF3D5C9C-05DE-44A1-AEC2-308E87D2E0CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "7929BFDD-9FA8-422B-945D-6FEC46B89E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567EF75-2161-4A74-AADE-109B3F0DFD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "228B6318-F28A-4CB7-A054-5CB1E1C75048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D7980E-CA09-4A29-9901-47FE92A892E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.63:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "F2C5C37A-8952-47E9-A081-A0EBDC7E7AF6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el Support Incident Tracker (SiT!) antes de v3.64 permiten a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) exc[] a report_marketing.php, (2) selected[] a tasks.php, (3) sites[] a billable_incidents.php, o (4) search_string a search.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2011-5071",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.843",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://en.securitylab.ru/lab/PT-2011-25"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/bugtraq/2011/Jul/174"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45277"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sitracker.org/wiki/ReleaseNotes364"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://en.securitylab.ru/lab/PT-2011-25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2011/Jul/174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sitracker.org/wiki/ReleaseNotes364"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity
4.3 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php."
    },
    {
      "lang": "es",
      "value": "Varias vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Support Incident Tracker (SIT!) v3.65 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el nombre del archivo en incident_attachments.php, (2) vectores no especificados en link_add.php (posiblemente en relaci\u00f3n con los par\u00e1metros origref, linkref y linktype, que no son correctamente gestionados en la funci\u00f3n clean_int en lib/base.inc.php, o con el par\u00e1metro de redirect, que no se maneja correctamente en la funci\u00f3n html_redirect en lib/html.inc.php) y (3) vectores no especificados en translate.php."
    }
  ],
  "id": "CVE-2011-5070",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-29T04:04:44.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/77654"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/77655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/77656"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71652"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity
7.5 (High) - CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en incident_attachments.php en Support Incident Tracker v3.65 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de un archivo subido con un nombre de archivo espec\u00edficamente modificado."
    }
  ],
  "id": "CVE-2011-3831",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.487",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-77/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/77001"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2011-77/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/50632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71235"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-01-29 04:04
Modified
2025-04-11 00:51
Severity ?
Summary
Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, a different program than CVE-2011-3833.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.65



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "691D701C-AEA0-400C-92E9-DAE772E1CBB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, a different program than CVE-2011-3833."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de subida de archivos sin restricciones en incident_attachments.php en Support Incident Tracker (SiT!) v3.65 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un archivo con una extensi\u00f3n ejecutable, para luego ejecutarlo a trav\u00e9s de una solicitud directa al archivo en un directorio no especificado. Se trata de un problema diferente a CVE-2011-3833."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\r\n\r\n\u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027",
  "id": "CVE-2011-5069",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-29T04:04:44.737",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/77653"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/77653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/50896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-02 14:16
Modified
2024-11-21 04:38
Summary
In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS.
Impacted products
Vendor Product Version
sitracker support_incident_tracker 3.67



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sitracker:support_incident_tracker:3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "5883EF45-2F40-4F10-91D6-CD6F827C04A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Support Incident Tracker (SiT!) 3.67, the search_id parameter in the search_incidents_advanced.php page is affected by XSS."
    },
    {
      "lang": "es",
      "value": "En Support Incident Tracker (SiT!) versi\u00f3n 3.67, el par\u00e1metro search_id en la p\u00e1gina search_incidents_advanced.php est\u00e1 afectado por una vulnerabilidad de tipo XSS."
    }
  ],
  "id": "CVE-2019-20220",
  "lastModified": "2024-11-21T04:38:14.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-02T14:16:36.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fatihhcelik.blogspot.com/2019/12/support-incident-tracker-xss-in.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}