331 matches found
TestLink 1.9.13 Cross Site Scripting
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...
TestLink 1.9.13 SQL Injection
Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed...
TestLink 1.9.13 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Information -------------------- Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type ...
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
---------------------------------------------------------------- TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness ---------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 and prior versions. - Weakness...
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
-------------------------------------------------------------------------- TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 a...
CVE-2014-8081
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter...
CVE-2014-8082
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message...
Design/Logic Flaw
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message...
Design/Logic Flaw
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter...
CVE-2014-8082
The CVE-2014-8082 issue affects TestLink versions up to 1.9.12 (pre-1.9.13). The vulnerability is in lib/functions/database.class.php and stems from debug output (debug_print_backtrace) revealing the installation path in error messages, enabling information disclosure. Public advisories describe ...
CVE-2014-8081
CVE-2014-8081 affects TestLink up to version 1.9.12 (and earlier) where lib/execute/execSetResults.php processes the filter_result_result parameter unsafely, allowing PHP object injection and arbitrary code execution. The vulnerability stems from unserialize on user input, enabling crafted serial...
TestLink 1.9.12 Multiple Vulnerabilities
TestLink versions 1.9.12 and below suffer from a path disclosure weakness and from a PHP object injection vulnerability in execSetResults.php...
TestLink 1.9.11 - Multiple SQL Injection Vulnerabilities
No description provided by source. Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
CVE-2014-5308
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php...
Sql injection
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php...
CVE-2014-5308
Summary (CVE-2014-5308): In TestLink 1.9.11, there are multiple SQL injection vulnerabilities exploitable by an authenticated remote attacker. The confirmed vectors affect: (1) the name parameter of the Search action to lib/project/projectView.php, and (2) the id parameter to lib/events/eventin...
TestLink 1.9.11 - Multiple SQL Injections
TestLink 1.9.11 - Multiple SQL Injections Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...