331 matches found

CNNVD
added 2022/09/16 12:0 a.m. | 3 views

TestLink Cross-Site Scripting Vulnerability

TestLink is a set of open source software used by TestLink team to manage software testing process and provide statistical analysis. A security vulnerability exists in TestLink v1.9.20, which originates from a security issue in /lib/inventory/inventoryView.php...

CVSS 5.4 | AI score 5.8 | EPSS 0.00524
Exploits 1 | References 2

OSV
added 2022/05/24 4:52 p.m. | 18 views

GHSA-QCFR-65HF-F98X Jenkins TestLink Plugin stores credentials in plain text

Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...

CVSS 3.3 | AI score 5.1 | EPSS 0.00502
Exploits 0 | References 3

GitHub Security Blog
added 2022/05/24 4:52 p.m. | 20 views

Jenkins TestLink Plugin stores credentials in plain text

Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...

CVSS 5.3 | AI score 6.7 | EPSS 0.00502
Exploits 0 | References 4 | Affected Software 1

OSV
added 2022/05/14 3:33 a.m. | 16 views

GHSA-3RRG-P8XC-3457 Stored cross-site scripting vulnerability in Jenkins TestLink Plugin

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...

CVSS 5.4 | AI score 5.1 | EPSS 0.00719
Exploits 0 | References 2

GitHub Security Blog
added 2022/05/14 3:33 a.m. | 20 views

Stored cross-site scripting vulnerability in Jenkins TestLink Plugin

A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...

CVSS 5.4 | AI score 6 | EPSS 0.00719
Exploits 0 | References 3 | Affected Software 1

Exploit DB
added 2021/12/09 12:0 a.m. | 475 views

TestLink 1.19 - Arbitrary File Download (Unauthenticated)

Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...

AI score 7.4
Exploits 0

Packet Storm
added 2021/12/09 12:0 a.m. | 399 views

TestLink 1.19 Arbitrary File Download

Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...

AI score 7.4
Exploits 0

0day.today
added 2021/12/09 12:0 a.m. | 513 views

TestLink 1.19 - Arbitrary File Download (Unauthenticated) Vulnerability

Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N You...

CVSS 9.8 | EPSS 0.15926
Exploits 6

Exploit DB
added 2021/02/15 12:0 a.m. | 418 views

TestLink 1.9.20 - Unrestricted File Upload (Authenticated)

Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...

CVSS 8.8 | AI score 8.8 | EPSS 0.15858
Exploits 3

Packet Storm
added 2021/02/14 12:0 a.m. | 335 views

TestLink 1.9.20 Shell Upload

Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...

CVSS 6.5 | AI score 8.8 | EPSS 0.15858
Exploits 3

CNVD
added 2021/02/03 12:0 a.m. | 4 views

SQL Injection Vulnerability in Testlink

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in Testlink. An attacker can exploit this vulnerability to execute illegal SQL commands...

AI score 8.2
Exploits 0

Check Point Advisories
added 2020/07/07 12:0 a.m. | 1 views

TestLink installNewDB.php Remote Code Execution (CVE-2018-7466)

A remote code execution vulnerability exists in TestLink. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6 | AI score 5.4 | EPSS 0.06365
Exploits 9

CNVD
added 2020/04/28 12:0 a.m. | 2 views

TestLink Input Validation Error Vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. An input validation error vulnerability exists in TestLink. Detailed vulnerability details are not available at this time...

CVSS 9.8 | AI score 6.9 | EPSS 0.01227
Exploits 0 | References 1

CNVD
added 2020/04/28 12:0 a.m. | 2 views

TestLink has an unspecified vulnerability

TestLink is the TestLink team's set of open source software for managing the software testing process and providing statistical analysis. An unspecified vulnerability exists in TestLink. An attacker can exploit this vulnerability to obtain credentials in plaintext with the 'viewer' parameter of t...

CVSS 7.5 | AI score 6.8 | EPSS 0.00753
Exploits 1 | References 1

OSV
added 2020/04/27 1:15 p.m. | 15 views

CVE-2020-12274

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2

NVD
added 2020/04/27 1:15 p.m. | 9 views

CVE-2020-12274

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...

CVSS 9.8 | AI score 9.4 | EPSS 0.01227
Exploits 0 | References 2

NVD
added 2020/04/27 1:15 p.m. | 11 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

CVSS 7.5 | AI score 7.5 | EPSS 0.00753
Exploits 1 | References 2

OSV
added 2020/04/27 1:15 p.m. | 17 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

CVSS 7.5 | AI score 6.8
Exploits 0 | References 2

Prion
added 2020/04/27 1:15 p.m. | 14 views

Session fixation

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...

CVSS 7.5 | AI score 9.3 | EPSS 0.01227
Exploits 0 | References 2 | Affected Software 1

Prion
added 2020/04/27 1:15 p.m. | 15 views

Design/Logic Flaw

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

CVSS 5 | AI score 7.5 | EPSS 0.00753
Exploits 1 | References 2 | Affected Software 1