69 matches found
CVE-2021-36538
Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...
GHSA-PWRM-8MVM-P2F2 Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
Hardcoded credentials
Gurock TestRail before 7.2.4 mishandles HTML escaping...
CVE-2021-44263
CVE-2021-44263 affects Gurock TestRail before 7.2.4. The root cause is improper HTML escaping, leading to a cross-site scripting (XSS) vulnerability in the web-based test case management software. Affected versions prior to 7.2.4 are susceptible; the issue enables injected HTML/JavaScript content...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
Gurock Software Gurock TestRail 跨站脚本漏洞
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A cross-site scripting vulnerability exists in Guro...
Gurock Testrail 7.2.0.3014 Improper Access Control
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...
Gurock Testrail 7.2.0.3014 - (files.md5) Improper Access Control Vulnerability
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Reference:...
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...
CVE-2021-40875
Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...
CVE-2021-40875
Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...
Improper access control
Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...
CVE-2021-40875
Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...
CVE-2021-40875
CVE-2021-40875 concerns Gurock TestRail before 7.2.0.3014, where improper access control allows a client-side request to the "/files.md5" file. The exposure reveals a full list of application files and their paths, which can be tested to potentially disclose hardcoded credentials, API keys, or ot...
PT-2021-22998 · Gurock · Gurock Testrail
Name of the Vulnerable Software and Affected Versions: Gurock TestRail versions prior to 7.2.0.3014 Description: The issue is related to improper access control, resulting in sensitive information exposure. A threat actor can access the "/files.md5" file on the client side of a Gurock TestRail...
Gurock Software Gurock TestRail 信息泄露漏洞
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, the management of test suites and the coordination of the testing process. Gurock Software An information disclosure...
CVE-2021-37788
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...