An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname…
>> AUTHOR: deepcore
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – ‘ticketreply.php’ SQL Injection
osTicket 1.12 – Persistent Cross-Site Scripting via File Upload
Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 – ‘ticket.php’ Arbitrary File Deletion
osTicket 1.12 – Persistent Cross-Site Scripting
osTicket 1.12 – Formula Injection
ManageEngine Application Manager 14.2 – Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x – Privilege Escalation / Remote Command Execution (Metasploit)
ManageEngine OpManager 12.4x – Unauthenticated Remote Command Execution (Metasploit)
Webmin 1.920 – Unauthenticated Remote Code Execution (Metasploit)