331 matches found
TestLink Cross-Site Scripting Vulnerability
TestLink is open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink v1.9.20, which originates from a security issue in /lib/inventory/inventoryView.php...
GHSA-QCFR-65HF-F98X Jenkins TestLink Plugin stores credentials in plain text
Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...
Jenkins TestLink Plugin stores credentials in plain text
Jenkins TestLink Plugin stores credentials unencrypted in its global configuration file hudson.plugins.testlink.TestLinkBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is n...
GHSA-3RRG-P8XC-3457 Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript...
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...
TestLink 1.19 Arbitrary File Download
Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...
TestLink 1.19 - Arbitrary File Download (Unauthenticated) Vulnerability
Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N You...
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...
TestLink 1.9.20 Shell Upload
Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...
SQL Injection Vulnerability in Testlink
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in Testlink. An attacker can exploit this vulnerability to execute illegal SQL commands...
TestLink installNewDB.php Remote Code Execution (CVE-2018-7466)
A remote code execution vulnerability exists in TestLink. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
TestLink Input Validation Error Vulnerability
TestLink is a set of open source software for managing the software testing process and providing statistical analysis. An input validation error vulnerability exists in TestLink. Detailed vulnerability details are not available at this time...
TestLink has an unspecified vulnerability
TestLink is the TestLink team's set of open source software for managing the software testing process and providing statistical analysis. An unspecified vulnerability exists in TestLink. An attacker can exploit this vulnerability to obtain credentials in plaintext with the 'viewer' parameter of t...
CVE-2020-12274
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
Session fixation
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php gobackurl parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session...
Design/Logic Flaw
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...