15 matches found
EUVD-2020-7900
Malware in sbrugna...
EUVD-2020-7901
Malware in sbrugna...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
Directory traversal
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
Remote code execution
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal...
CVE-2020-15928
In Ortus TestBox versions 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm enable directory traversal, per CVE-2020-15928. Public exploit references exist (e.g., Exploit DB). The root cause is the lack of validation on user-supplied query parameters in that path,...
CVE-2020-15929
Affected software: Ortus TestBox 2.4.0–4.1.0. Vulnerability: unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow writing an arbitrary CFM file within the application context, enabling Remote Code Execution. Root cause: unvalidated/unsafeguarded input in the HTMLRunne...
CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file within the application's context containing attacker-defined CFML tags, leading to Remote Code Execution...
Ortus Solutions Testbox Command Injection Vulnerability
Ortus Solutions Ortus Solutions Testbox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A security vulnerability in Ortus TestBox versions 2.4.0 through 4.1.0, which originates from an unvalidated query string parameter passed to...
Ortus TestBox Path Traversal Vulnerability
Ortus Solutions Ortus Solutions Testbox is a behavior-driven testing framework for ColdFusion environments from Ortus Solutions, USA. A path traversal vulnerability exists in Ortus TestBox versions 2.4.0 through 4.1.0, which stems from an unvalidated query string parameter test-browser/index.cfm...