CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
EUVD-2021-14740
Malware in sbrugna...
EUVD-2021-14742
Malware in sbrugna...
EUVD-2021-14741
Malware in sbrugna...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
ServiceTonic SQL Injection Vulnerability
ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...
ServiceTonic Arbitrary File Upload Vulnerability
ServiceTonic is an ITIL-compliant service desk and enterprise service software. ServiceTonic versions prior to 9.0.35937 have an arbitrary file upload vulnerability in the service import feature. An attacker could exploit the vulnerability to execute JSP code by uploading a zip file that extracts...
ServiceTonic Improper Access Control Vulnerability
ServiceTonic is an ITIL-compliant service desk and enterprise services software. ServiceTonic versions prior to 9.0.35937 are vulnerable to an improper access control vulnerability. An attacker could exploit this vulnerability to gain unauthorized access to the system via the login form, allowing...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
Design/Logic Flaw
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
SQL Injection
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
Design/Logic Flaw
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2021-28024
CVE-2021-28024 affects ServiceTonic Helpdesk prior to version 9.0.35937. The vulnerability is an improper access control in the login form that lets an attacker sign in without a password, enabling unauthorized system access. Connected documents corroborate the issue across multiple sources (Red ...
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
CVE-2021-28023
CVE-2021-28023 affects ServiceTonic Helpdesk software prior to version 9.0.35937. An arbitrary file upload vulnerability exists in the Service import feature, allowing a malicious user to execute JSP code by uploading a ZIP that extracts files using relative paths. Root cause: extraction of archi...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...