331 matches found
TestLink 1.8.5 - 'order_by_login_dir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37839/info TestLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Testlink TestManagement and Execution System 1.8.5 - Multiple Directory Traversal Vulnerabilities
1.Title :Multiple directory Traversal Vulnerabilities in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal [email protected] Submitted :Jan-15-2010 Bugtraq id : https://www.securityfocus.com/bid/37824 Secunia : http://secunia.com/advisories/38201/ 2.Vulnerabili...
Testlink TestManagement And Execution System Cross Site Scripting
1.Title :Cross site scripting Vulnerabilities in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Cross site scripting Impact :Code execution Remotely Exploitable: Yes Locally Exploitable: No 3. Vulnerable...
Testlink TestManagement And Execution System Directory Traversal
1.Title :Multiple Directory traversal Vulnerabilities in Testlink Test Management and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: No 3.Vulnerable packages. Version...
CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to...
CVE-2009-4237
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to...
CVE-2009-4238
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php...
Sql injection
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php...
CVE-2009-4237
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML via (2) the key parameter to...
CVE-2009-4238
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php...
CVE-2009-4238
TestLink prior to 1.8.5 contains multiple SQL injection vulnerabilities that allow remote authenticated users to execute arbitrary SQL commands via inputs such as the Test Case ID field (lib/general/navBar.php) or the logLevel parameter (lib/events/eventviewer.php). The issue stems from insuffici...
CVE-2009-4237
TestLink (before version 1.8.5) is affected by multiple XSS and SQL injection vulnerabilities. The XSS flaws affect inputs across several scripts (e.g., login.php req parameter; lib/general/staticPage.php key; lib/attachments/attachmentupload.php tableName; lib/events/eventviewer.php startDate, e...
TestLink < 1.8.5 Multiple Vulnerabilities
Core Security Technologies Advisory 2009.1013
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities ...
PT-2009-6400 · Testlink Team · Testlink
Name of the Vulnerable Software and Affected Versions: TestLink versions prior to 1.8.5 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the Test Case ID field to "lib/general/navBar.php" or the logLevel parameter to...
TestLink login.php req Parameter XSS
The remote web server is hosting TestLink, a test-management application written in PHP. The installed version of TestLink is affected by a cross-site scripting vulnerability in the 'req' parameter of the 'login.php' script. An attacker could exploit this flaw to execute arbitrary script code in ...
TestLink Detection (HTTP)
HTTP based detection of TestLink. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.100389");...
TestLink < 1.8.5 Multiple Vulnerabilities
TestLink is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied data. Copyright (C) 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
TestLink Test Management and Execution System - Multiple Cross-Site Scripting / Injection Vulnerabilities
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System 1. Advisory Information Title: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution Syst...