Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
da11085c by Salvatore Bonaccorso at 2026-06-16T21:27:45+02:00
Update CVEs for osticket

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9507 (A session fixation vulnerability has been identified in 
osTicket v1.18 ...)
-       TODO: check
+       - osticket <itp> (bug #998157)
 CVE-2026-9307 (A sensitive information disclosure security issue exists within 
the af ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI 
"ioctl()" ...)
@@ -24676,7 +24676,7 @@ CVE-2026-8196 (A flaw has been found in JeecgBoot 
3.9.1. The impacted element is
 CVE-2026-8195 (A vulnerability was detected in JeecgBoot up to 3.9.1. The 
affected el ...)
        NOT-FOR-US: JeecgBoot
 CVE-2026-8194 (A security vulnerability has been detected in osTicket up to 
1.18.3. I ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2026-45186 (In libexpat before 2.8.1, the computational complexity of 
attribute na ...)
        - expat 2.8.0-2 (bug #1136164)
        NOTE: https://github.com/libexpat/libexpat/pull/1216
@@ -47610,7 +47610,7 @@ CVE-2026-26928 (SzafirHostdownloads necessary files in 
the context of the initia
 CVE-2026-26927 (Szafir SDK Web is a browser plug-in that can run SzafirHost 
applicatio ...)
        NOT-FOR-US: Szafir SDK Web
 CVE-2026-26895 (User enumeration vulnerability in /pwreset.php in osTicket 
v1.18.2 all ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an 
internal ...)
        NOT-FOR-US: Percona PMM
 CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to 
Server-Side Reque ...)
@@ -84778,7 +84778,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client 
using Weblate's REST API. P
        NOTE: https://github.com/WeblateOrg/wlc/pull/1097
        NOTE: Fixed by: 
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3
 (1.17.0)
 CVE-2026-22200 (Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 
1.17.x prior  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 
9.17.1P2 w ...)
        NOT-FOR-US: NetApp
 CVE-2026-22033 (Label Studio is a multi-type data labeling and annotation 
tool. In 1.2 ...)
@@ -163324,7 +163324,7 @@ CVE-2025-46806 (A Use of Out-of-range Pointer Offset 
vulnerability in sslh leads
 CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint 
of CloudC ...)
        NOT-FOR-US: CloudClassroom-PHP-Project
 CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken 
Access  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack 
overflow via  ...)
        NOT-FOR-US: Tenda
 CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. 
Affected by t ...)
@@ -171793,7 +171793,7 @@ CVE-2025-27921 (A reflected cross-site scripting 
(XSS) vulnerability was discove
 CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory 
traversal ...)
        NOT-FOR-US: Output Messenger
 CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of 
"ticket ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC 
(In AV o ...)
        NOT-FOR-US: Gefen WebFWC
 CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. 
Prior to  ...)
@@ -304722,7 +304722,7 @@ CVE-2023-49034 (Cross Site Scripting (XSS) 
vulnerability in ProjeQtOr 11.0.2 all
 CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 
V22.03.02.5 ...)
        NOT-FOR-US: Tenda
 CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in 
Enhance ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-42953 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2023-42952 (The issue was addressed with improved checks. This issue is 
fixed in i ...)
@@ -354387,7 +354387,7 @@ CVE-2023-30083 (Buffer Overflow vulnerability found 
in Libming swftophp v.0.4.8
        - ming <removed>
        NOTE: https://github.com/libming/libming/issues/266
 CVE-2023-30082 (A denial of service attack might be launched against the 
server if an  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-30081
        RESERVED
 CVE-2023-30080
@@ -361212,17 +361212,17 @@ CVE-2023-1322 (A vulnerability was found in lmxcms 
1.41 and classified as critic
 CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as 
critic ...)
        NOT-FOR-US: lmxcms
 CVE-2023-1320 (Cross-site Scripting (XSS) - Stored in GitHub repository 
osticket/osti ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1319 (Cross-site Scripting (XSS) - Stored in GitHub repository 
osticket/osti ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1318 (Cross-site Scripting (XSS) - Generic in GitHub repository 
osticket/ost ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1317 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
osticket/o ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository 
osticket/osti ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
osticket/o ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer 
(<= 202 ...)
        NOT-FOR-US: cloudflared's installer
 CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub 
repository c ...)
@@ -363934,9 +363934,9 @@ CVE-2023-27151 (openCRX 5.2.0 was discovered to 
contain an HTML injection vulner
 CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting 
(XSS) v ...)
        NOT-FOR-US: openCRX
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in 
Enhancesoft osTic ...)
-       NOT-FOR-US: Enhancesoft osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin 
panel i ...)
-       NOT-FOR-US: Enhancesoft osTicket
+       - osticket <itp> (bug #998157)
 CVE-2023-27147
        RESERVED
 CVE-2023-27146
@@ -385887,7 +385887,7 @@ CVE-2022-46364 (A SSRF vulnerability in parsing 
thehref attribute of XOP:Include
 CVE-2022-46363 (A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 
allows  ...)
        NOT-FOR-US: Apache CXF
 CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
osticket/o ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files 
Web ver ...)
        NOT-FOR-US: M-Files Web
 CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) 
subsystem. U ...)
@@ -429197,11 +429197,11 @@ CVE-2022-31892
 CVE-2022-31891
        RESERVED
 CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in 
osTicket osTic ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in 
audit/templates/auditlogs. ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2022-31888 (Session Fixation vulnerability in in function login in 
class.auth.php  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover 
vulnerability ...)
        NOT-FOR-US: Marval MSM
 CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request 
Forgery  ...)
@@ -460924,7 +460924,7 @@ CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected 
by a Cross Site Scripting (X
 CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a 
Cross Site  ...)
        NOT-FOR-US: NUUO Network Video Recorder NVRsolo
 CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of 
"ticket ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2021-45810 (GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) 
are affe ...)
        NOT-FOR-US: GlobalProtect-openconnect
 CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected 
by inco ...)
@@ -475617,7 +475617,7 @@ CVE-2021-42237 (Sitecore XP 7.5 Initial Release to 
Sitecore XP 8.2 Update-7 is v
 CVE-2021-42236
        RESERVED
 CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and 
password  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2021-42234
        RESERVED
 CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to 
stored cros ...)
@@ -551970,7 +551970,7 @@ CVE-2020-24919
 CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx 
RTSP Serve ...)
        NOT-FOR-US: Ambarella
 CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to 
DraftAjaxA ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 
is vulner ...)
        {DSA-4773-1 DLA-2384-1}
        - yaws 2.0.8+dfsg-1
@@ -552055,7 +552055,7 @@ CVE-2020-24883
 CVE-2020-24882
        RESERVED
 CVE-2020-24881 (SSRF exists in osTicket before 1.14.3, where an attacker can 
add malic ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-24880
        RESERVED
 CVE-2020-24879
@@ -557091,9 +557091,9 @@ CVE-2020-22611
 CVE-2020-22610
        RESERVED
 CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft 
osTicket befor ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket 
before v1.1 ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 
via the  ...)
        - limesurvey <itp> (bug #472802)
 CVE-2020-22606
@@ -570892,7 +570892,7 @@ CVE-2020-16195
 CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was 
found in  ...)
        NOT-FOR-US: Prestashop Opart devis
 CVE-2020-16193 (osTicket before 1.14.3 allows XSS because 
include/staff/banrule.inc.ph ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because 
application/controllers/ ...)
        - limesurvey <itp> (bug #472802)
 CVE-2020-16191
@@ -577110,7 +577110,7 @@ CVE-2020-14014 (An issue was discovered in Navigate 
CMS 2.8 and 2.9 r1433. The q
 CVE-2020-14013
        RESERVED
 CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a 
Knowledgebase C ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in 
which the ...)
        NOT-FOR-US: Lansweeper
 CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected 
XSS via t ...)
@@ -580827,7 +580827,7 @@ CVE-2020-12631
 CVE-2020-12630
        RESERVED
 CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via 
the SLA ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2020-12628
        RESERVED
 CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 
'A0Zr98j ...)
@@ -628675,11 +628675,11 @@ CVE-2019-14751 (NLTK Downloader before 3.4.5 is 
vulnerable to a directory traver
        NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
        NOTE: 
https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
 CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x 
before 1. ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the 
design/my-survey-de ...)
        NOT-FOR-US: DWSurvey
 CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval 
injection by  ...)
@@ -633991,7 +633991,7 @@ CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices 
have a hard-coded SSL/TLS ke
 CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to 
execute  ...)
        NOT-FOR-US: Dynacolor
 CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote 
attacker ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local 
File Inc ...)
        NOT-FOR-US: FlightPath
 CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 
allows CSRF a ...)
@@ -639314,7 +639314,7 @@ CVE-2019-11539 (In Pulse Secure Pulse Connect Secure 
version 9.0RX before 9.0R3.
 CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 
9.0R3.4, 8.3 ...)
        NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, 
/upload/scp/ ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 
2.24.0, 3 ...)
        NOT-FOR-US: Kalki Kalkitech
 CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi 
extender  ...)
@@ -705525,15 +705525,15 @@ CVE-2018-7198 (October CMS through 1.0.431 allows 
XSS by entering HTML on the Ad
 CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored 
cross-site sc ...)
        NOT-FOR-US: Pluck CMS
 CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in 
Enhances ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to 
reset ar ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2018-7194 (Integer format vulnerability in the ticket number generator in 
Enhance ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php 
in Enha ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in 
/ajax.php/form/help-topic  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14, 
dev_get_valid ...)
        - linux 4.14.2-1
        [stretch] - linux 4.9.65-1
@@ -731486,7 +731486,7 @@ CVE-2017-15582 (In net.MCrypt in the "Diary with 
lock" (aka WriteDiary) applicat
 CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for 
Android ...)
        NOT-FOR-US: Diary with lock
 CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' 
files with a ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via 
an aa_pa ...)
        NOT-FOR-US: PHPSUGAR PHP Melody
 CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via 
the imag ...)
@@ -732174,7 +732174,7 @@ CVE-2017-15364 (The foreach function in ext/ccsv.c in 
Ccsv 1.1.0 allows remote a
 CVE-2017-15363 (Directory traversal vulnerability in 
public/examples/resources/getsour ...)
        NOT-FOR-US: Luracast Restler
 CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code 
execution ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform 
Module  ...)
        NOT-FOR-US: Infineon RSA library
 CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to 
stored Cros ...)
@@ -735279,7 +735279,7 @@ CVE-2017-14398 (rzpnk.sys in Razer Synapse 
2.20.15.1104 allows local users to re
 CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection 
vulnerability.)
        NOT-FOR-US: AnyDesk
 CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by 
constructing a ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management 
(OpenAM)  ...)
        NOT-FOR-US: OpenAM
 CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management 
(OpenAM) ...)
@@ -829884,7 +829884,7 @@ CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 
before 9.9.6-P2 and 9.10.x
 CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware 
before ...)
        NOT-FOR-US: Aruba Instant
 CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in 
osTicket ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does 
not pr ...)
        - lxcfs <not-affected> (Fixed before initial upload to the archive)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
@@ -830606,7 +830606,7 @@ CVE-2015-1178 (Multiple cross-site scripting (XSS) 
vulnerabilities in cart.php i
 CVE-2015-1177 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.)
        NOT-FOR-US: Exponent CMS
 CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in 
upload/scp/tickets.php in  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web 
(formerly TETA ...)
        NOT-FOR-US: Unit4 Polska TETA Web
 CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does 
not pro ...)
@@ -846376,7 +846376,7 @@ CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 
8.0.0.1 CF13 and 8.5.0 through
 CVE-2014-4745
        RESERVED
 CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket 
before ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) 
search_ajax ...)
        NOT-FOR-US: Kajona module
 CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in 
system/class_link.php in t ...)
@@ -909626,7 +909626,7 @@ CVE-2010-4636 (SQL injection vulnerability in 
detail.asp in Site2Nite Business e
 CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation 
Rental ...)
        NOT-FOR-US: Site2Nite
 CVE-2010-4634 (Directory traversal vulnerability in osTicket 1.6 allows remote 
attack ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 
allows remot ...)
        NOT-FOR-US: digiSHOP
 CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 
7.3 allow ...)
@@ -921905,9 +921905,9 @@ CVE-2010-0608 (SQL injection vulnerability in 
index.php in NovaBoard 1.1.2 allow
 CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in 
Forms/status_statistics_1  ...)
        NOT-FOR-US: Sterlite SAM300 AX Router
 CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in 
osTicket b ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 
1.6.0 S ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the 
Cisco PGW 2 ...)
        NOT-FOR-US: Cisco PGW
 CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with 
software  ...)
@@ -930794,7 +930794,7 @@ CVE-2009-2363 (Stack-based buffer overflow in 
KUDRSOFT AudioPLUS 2.00.215 allows
 CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 
allows rem ...)
        NOT-FOR-US: KUDRSOFT AudioPLUS
 CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in 
osTicket bef ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow 
context- ...)
        NOT-FOR-US: TekRADIUS
 CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the 
TekRADIUS.ini f ...)
@@ -974606,7 +974606,7 @@ CVE-2006-5409 (Multiple SQL injection vulnerabilities 
in the wireless IDS manage
 CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the 
wireless ID ...)
        NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
 CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in 
osTicket a ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with 
insecure pe ...)
        NOT-FOR-US: Passgo Defender
 CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device 
driver  ...)
@@ -995310,9 +995310,9 @@ CVE-2005-2156 (SQL injection vulnerability in 
news.php in PHPNews 1.2.5 allows r
 CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 
6.1.5 and e ...)
        NOT-FOR-US: EasyPHPCalender
 CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) 
open.ph ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 
1.3.1 beta ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows 
remote att ...)
        NOT-FOR-US: Geeklog
 CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS 
failures whe ...)
@@ -998691,13 +998691,13 @@ CVE-2005-1441 (Format string vulnerability in Lotus 
Domino 6.0.x before 6.0.5 an
 CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt 
Shop Ente ...)
        NOT-FOR-US: ViArt Shop
 CVE-2005-1439 (Directory traversal vulnerability in attachments.php in 
osTicket allow ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket 
allows ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote 
attack ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket 
allow  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote 
authenticated us ...)
        - openwebmail <removed>
 CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node 
Manager (OV  ...)
@@ -1005228,9 +1005228,9 @@ CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL 
Router has a default public SNM
 CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO 
router ...)
        NOT-FOR-US: D-Link DI-614+ SOHO router
 CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit 
the up ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded 
files and  ...)
-       NOT-FOR-US: osTicket
+       - osticket <itp> (bug #998157)
 CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not 
filter mo ...)
        NOT-FOR-US: ZoneAlarm Pro
 CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows 
remote at ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da11085cfa612b8b6e0841f95e6d4c3fb2481539

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da11085cfa612b8b6e0841f95e6d4c3fb2481539
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to