No Images Added Yet

Trouble Ticket Express

Rated4.5/5 (439 ratings)
Add to Favorites
Publisher
Free trouble ticket software. Simple yet powerful help desk for your web site.
Product Details

Free trouble ticket software. Simple yet powerful help desk for your web site. Features trouble ticket tracking, email alerts, unlimited operators, ticket transfers and highly customizable html and email templates. Additional modules for file uploads, email based submissions, SQL database, user groups, inventory management.

Report this Listing
Price
Free
Licence Type
Free
Views
8,141
Submitted on
3rd January 2004
Last Updated
29th March 2009

You May Also Like

User Reviews

Please rate the listing and tell the world know what do you think about the listing.
(439 ratings)
Average User Rating: 4.5/5
Horrible security by design
Reviewed byUSA IT ProfessionalonFri, 15th June 2012
Rating 1 - Poor
Trouble Ticket Express is built from the ground up with no intention for security. There are too many issues to list them all, so below are a few. The software allows: the software stores config data in non-code bearing ".cgi" files, and constantly rewrites those files (even with MySQL module in use) server side configs can have data injected into them by any software or person capable of generating a URL (no auth required) anyone smart enough to edit their local computer's host file to "hack" a new domain name into a TTX config the install program itself says to install data files and directory with 777 perms in UNIX ... the list goes on forever This software is only useful for internal use, and only then if you blindly trust every one of the users and systems capable of communicating with this software.
eastwright
Fri, 28th December 2012
Horrible review (by intention?) Yes, the software keeps data in *.cgi files to ensure that nobody can access the files by accessing them via browser, even if a customer does not follow setup wizard recommendations and places data files under web root directory. Try to open such file, and all you get is internal server error. "Server side configs can have data injected" - it would be a severe vulnerability... if it existed. And even worse: assuming that the vulnerability exists, posting hints instead of contacting developer of the open source software does not seem to be professional to begin with... Anyone can "hack" domain name by editing local hosts file? Sure. But the config file will be "re-hacked" back instantly, by anyone "not smart enough to edit local hosts file". So, what is the point? Sending an email with wrong link? But why not just send legitimate-looking email from your account? Less work and guaranteed result. "the list goes on forever" - why not use our help desk or web forum to submit the list? We all know that there is no such thing as vulnerability-free software. For non-believers I suggest subscribing to CVE or just to RedHat/Ubuntu security notifications. All those lists are result of work of true professionals, the guys who want to make Internet more secure place by reporting bugs and vulnerabilities to authors. Sincerely, Alex Pavlov
Displaying 1-1 out of 1 reviews
View All Reviews