331 matches found
TestLink 1.9.11 - Multiple SQL Injections
Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection vulnerabilities have been found and...
TestLink 1.9.11 - Multiple SQL Injection Vulnerabilities
Two SQL injection vulnerabilities have been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters ha...
TestLink 1.9.11 SQL Injection
Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection vulnerabilities have been found and...
CVE-2012-0939
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the reqspecid parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some ...
CVE-2012-0938
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the rootnode parameter in the displaychildren function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/;...
Sql injection
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the rootnode parameter in the displaychildren function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/;...
Sql injection
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the reqspecid parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some ...
CVE-2012-0938
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the rootnode parameter in the displaychildren function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/;...
CVE-2012-0939
Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the reqspecid parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some ...
CVE-2012-0939
CVE-2012-0939 affects TestLink up to v1.8.5b; the vulnerability is an SQL injection in the requirements module. Specifically, remote authenticated users with the Requirement view permission can exploit the flaw via req_spec_id in reqSpecAnalyse.php, reqSpecPrint.php, or reqSp...
CVE-2012-0938
Summary of CVE-2012-0938 (TestLink SQL Injection): Affected software is TestLink v1.8.5b and v1.9.3 (and possibly earlier) with multiple SQL injection flaws that permit remote authenticated users with certain permissions to execute arbitrary SQL via various parameters in lib/ajax, lib/cfields, l...
Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities
No description provided by source. 1. Title: Multiple Directory Traversal Vulnerabilities in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal Submitted: Jan-15-2010 Bugtraq id:...
TestLink <= 1.8.5 'order_by_login_dir' Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37839/info TestLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
TestLink 1.9.3 CSRF Vulnerability
No description provided by source. The following PoC changes the administrator's email: document.getElementById('btn').click();...
TestLink Test Management and Execution System - Multiple XSS and Injection Vulnerabilities
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities in TestLink...
TestLink 1.9.3 - Arbitrary File Upload Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
CVE-2012-2275
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to...
CVE-2012-2275
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to...
CVE-2012-2275
CVE-2012-2275 refers to CSRF vulnerabilities in TestLink 1.9.3 and earlier that allow an attacker to hijack a logged-in user’s session and perform sensitive actions, such as changing the administrator’s email via lib/usermanagement/userInfo.php. The root cause is inadequate request validation for...