331 matches found
Code injection
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php...
CVE-2018-7668
CVE-2018-7668 affects TestLink up to version 1.9.16. The issue allows remote attackers to read arbitrary attachments by sending a modified ID to the download endpoint at /lib/attachments/attachmentdownload.php. The root cause is an insecure reference to attachment IDs in the download handler, ena...
TestLink Insecure Direct Object Reference Vulnerability
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. A security vulnerability exists in TestLink 1.9.16 and previous versions. A remote attacker can send a...
TestLink Open Source Test Management Remote Code Execution
Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution
TestLink Open Source Test Management 1.9.16 - Remote Code Execution Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in m...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution
Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e change line skip-netw...
TestLink Open Source Test Management Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications. title: Insecure Direct Object Reference; product: TestLink Open Source Test Management; vulnerable version: 1.9.17; fixed version: 1.9.17 after November 2017, and the current...
TestLink Open Source Test Management Insecure Direct Object Reference
SEC Consult Vulnerability Lab Security Advisory. title: Insecure Direct Object Reference; product: TestLink Open Source Test Management; vulnerable version: 1.9.17; fixed version: 1.9.17 after November 2017, and the current...
TestLink Injection Vulnerability
TestLink is a web-based test case management system. An injection vulnerability exists in install/installNewDB.php in versions 1.9.16 and earlier of TestLink. A remote attacker can exploit this vulnerability by providing a specially crafted long value during the installation process using control...
Design/Logic Flaw
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value...
CVE-2018-7466
TestLink Open Source Test Management
TestLink Cross-Site Scripting Vulnerability
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. A cross-site scripting vulnerability exists in TestLink versions before 1.9.14. Remote attackers can us...
TestLink SQL Injection Vulnerability (CNVD-2017-32128)
TestLink is a PHP-based open source test management tool developed by the TestLink team. The tool provides test requirements management, test case management, test data statistics and other functions. A SQL injection vulnerability exists in versions of TestLink before 1.9.14. A remote attacker can...
SQL injection
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selectedenddate or (2) selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to...