Every CVE whose affected-product data names Bestpractical Rt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2011-5092 — CVSS 7.5 (high): Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges…
CVE-2013-3370 — CVSS 6.8 (medium): Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which…
CVE-2011-2085 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote…
CVE-2012-4732 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other…
CVE-2011-4458 — CVSS 6.8 (medium): Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are…
CVE-2011-1686 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through…
CVE-2011-5093 — CVSS 6.5 (medium): Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated…
CVE-2011-4460 — CVSS 6.5 (medium): SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users…
CVE-2013-3369 — CVSS 6.0 (medium): Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the…
CVE-2012-4733 — CVSS 6.0 (medium): Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which…
CVE-2009-4151 — CVSS 5.8 (medium): Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through…
CVE-2009-3585 — CVSS 5.8 (medium): Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through…
CVE-2012-4884 — CVSS 5.0 (medium): Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create…
CVE-2014-1474 — CVSS 5.0 (medium): Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to…
CVE-2011-2082 — CVSS 5.0 (medium): The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash…
CVE-2013-3373 — CVSS 5.0 (medium): CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject…
CVE-2012-4734 — CVSS 5.0 (medium): Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the…
CVE-2011-1685 — CVSS 4.6 (medium): Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field)…
CVE-2013-3374 — CVSS 4.3 (medium): Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session…
CVE-2011-1688 — CVSS 4.3 (medium): Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7…
CVE-2009-3892 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through…
CVE-2013-3372 — CVSS 4.3 (medium): Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP…
CVE-2011-0009 — CVSS 4.3 (medium): Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier…
CVE-2013-3371 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to…
CVE-2011-2083 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote…
CVE-2011-1689 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc…
CVE-2011-1690 — CVSS 4.3 (medium): Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to…
CVE-2008-3502 — CVSS 4.0 (medium): Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service…
CVE-2011-1008 — CVSS 4.0 (medium): Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a…
CVE-2011-1687 — CVSS 4.0 (medium): Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to…
CVE-2011-2084 — CVSS 4.0 (medium): Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords…
CVE-2012-4730 — CVSS 3.5 (low): Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges…
CVE-2011-4459 — CVSS 3.5 (low): Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated…
CVE-2013-3368 — CVSS 3.3 (low): bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink…
CVE-2013-5587 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers…
CVE-2011-1007 — CVSS 2.1 (low): Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate…