Security Advisory 2011-03 – Vulnerabilities in OTRS-Core allows read access to any file on local file system

August 2011

  August 16, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2011-03 Date: 2011-08-16 Title: Vulnerabilities in OTRS-Core allows read access to any file on local file system Severity: Moderate Product: OTRS 2.1.x, 2.2.x, 2.3.x,

Read More

Security Advisory 2011-02 – Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation

July 2011

  July 12, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details ID: OSA-2011-02 Date: 2011-07-12 Title: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation Severity: Critical Product: iPhoneHandle 1.0.x (OTRS 3.0), iPhoneHandle

Read More

Security Advisory 2011-01 – Several XSS attacks possible

April 2011

    April 04, 2011 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org   Security Advisory Details Date: Apr 04, 2011 Title: Several XSS attacks possible Severity: Less Critical Affected: – OTRS Help Desk 2.4.x, 3.0.x Fixed in: – OTRS Help

Read More

Security Advisory 2010-03 – AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails

October 2010

October 26, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.8. This vulnerability is fixed in OTRS 2.4.9 and it is recommended to upgrade

Read More

Security Advisory 2010-02 – Multiple XSS and denial of service vulnerabilities

September 2010

September 15, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution This vulnerability is fixed in OTRS Help Desk 2.4.8 as well as OTRS Help Desk 2.3.6 and it is recommended to upgrade to these higher versions. Fixed OTRS releases can be found at:

Read More

Security Advisory 2010-01 – Vulnerability in OTRS-Core allows SQL injection

February 2010

February 8, 2010 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution These vulnerabilities are fixed in OTRS 2.1.9, OTRS 2.2.9, OTRS 2.3.5 and OTRS 2.4.7, and it is recommended to upgrade to one of these versions. Fixed OTRS releases

Read More

Security Advisory 2008-01 – Vulnerability in OTRS SOAP interface allows remote access without valid SOAP user

March 2008

March 31, 2008 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution This vulnerability is fixed in OTRS 2.1.8 and OTRS 2.2.6, and it is recommended to upgrade to one of these versions. Fixed OTRS releases can be found at:

Read More

Security Advisory 2007-01 – Vulnerability in OTRS agent mailbox view allows Cross-Site-Scripting

May 2007

May 24, 2007 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution This vulnerability is fixed in OTRS 2.0.5, and it is recommended to upgrade to this version. Workaround Next to upgrading to the mentioned fixed releases, a workaround is

Read More

Security Advisory 2005-01 – Vulnerabilities in OTRS-Core allows SQL-Injection and Cross-Site-Scripting

November 2005

November 22, 2005 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Report a Vulnerability: security@otrs.org Recommended Resolution These vulnerabilities are fixed in OTRS 2.0.4 and OTRS 1.3.3, and it is recommended to upgrade to one of these versions. Workaround As a workaround for vulnerability #2

Read More