Lucene search
K

69 matches found

Cvelist
Cvelist
added 2023/02/03 12:0 a.m.38 views

CVE-2021-36538

Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...

5.4AI score0.00551EPSS
Exploits1References1
OSV
OSV
added 2022/05/13 1:50 a.m.19 views

GHSA-PWRM-8MVM-P2F2 Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5CVSS6.3AI score0.01019EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:50 a.m.22 views

Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5CVSS6.6AI score0.01019EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/12/20 9:15 a.m.18 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

5.4CVSS0.0059EPSS
Exploits1References2
OSV
OSV
added 2021/12/20 9:15 a.m.6 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

5.4CVSS5.8AI score0.0059EPSS
Exploits1References2
Prion
Prion
added 2021/12/20 9:15 a.m.15 views

Hardcoded credentials

Gurock TestRail before 7.2.4 mishandles HTML escaping...

3.5CVSS5.5AI score0.0059EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/12/20 8:28 a.m.65 views

CVE-2021-44263

CVE-2021-44263 affects Gurock TestRail before 7.2.4. The root cause is improper HTML escaping, leading to a cross-site scripting (XSS) vulnerability in the web-based test case management software. Affected versions prior to 7.2.4 are susceptible; the issue enables injected HTML/JavaScript content...

5.4CVSS5.5AI score0.0059EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/12/20 8:28 a.m.21 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

5.8AI score0.0059EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.5 views

Gurock Software Gurock TestRail 跨站脚本漏洞

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A cross-site scripting vulnerability exists in Guro...

5.4CVSS5.4AI score0.0059EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2021/09/23 12:0 a.m.212 views

Gurock Testrail 7.2.0.3014 Improper Access Control

Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...

0.4AI score0.48417EPSS
Exploits4
0day.today
0day.today
added 2021/09/23 12:0 a.m.225 views

Gurock Testrail 7.2.0.3014 - (files.md5) Improper Access Control Vulnerability

Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Reference:...

7.5CVSS0.9AI score0.48417EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/09/23 12:0 a.m.257 views

Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control

Exploit Title: Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control Date: 22/09/2022 Exploit Author: Sick Codes & JohnJHacking Sakura Samuraii Vendor Homepage: https://www.gurock.com/testrail/ Version: 7.2.0.3014 and below Tested on: macOS, Linux, Windows CVE : CVE-2021-40875 Referenc...

7.5CVSS7.6AI score0.48417EPSS
Exploits4
NVD
NVD
added 2021/09/22 3:15 p.m.44 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS0.48417EPSS
Exploits4References4
OSV
OSV
added 2021/09/22 3:15 p.m.7 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.5CVSS5.8AI score0.48417EPSS
Exploits4References4
Prion
Prion
added 2021/09/22 3:15 p.m.17 views

Improper access control

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

5CVSS7.2AI score0.48417EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2021/09/22 2:32 p.m.48 views

CVE-2021-40875

Improper Access Control in Gurock TestRail versions 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The...

7.4AI score0.48417EPSS
Exploits4References4
CVE
CVE
added 2021/09/22 2:32 p.m.124 views

CVE-2021-40875

CVE-2021-40875 concerns Gurock TestRail before 7.2.0.3014, where improper access control allows a client-side request to the "/files.md5" file. The exposure reveals a full list of application files and their paths, which can be tested to potentially disclose hardcoded credentials, API keys, or ot...

7.5CVSS7.1AI score0.48417EPSS
In wildExploits4References4Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/22 12:0 a.m.5 views

PT-2021-22998 · Gurock · Gurock Testrail

Name of the Vulnerable Software and Affected Versions: Gurock TestRail versions prior to 7.2.0.3014 Description: The issue is related to improper access control, resulting in sensitive information exposure. A threat actor can access the "/files.md5" file on the client side of a Gurock TestRail...

7.5CVSS7.2AI score0.48417EPSS
Exploits4References8
CNNVD
CNNVD
added 2021/09/22 12:0 a.m.5 views

Gurock Software Gurock TestRail 信息泄露漏洞

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, the management of test suites and the coordination of the testing process. Gurock Software An information disclosure...

7.5CVSS7.4AI score0.48417EPSS
Exploits4References6
OSV
OSV
added 2021/08/09 1:15 p.m.4 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.4CVSS6.1AI score0.01525EPSS
Exploits1References1
Rows per page
Query Builder