
69 matches found

NVD
added 2021/08/09 1:15 p.m. | 31 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.4 CVSS | 0.01525 EPSS
Exploits: 1 | References: 1

Prion
added 2021/08/09 1:15 p.m. | 31 views

Input validation

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

4.3 CVSS | 5.5 AI score | 0.01525 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/08/09 12:32 p.m. | 53 views

CVE-2021-37788

The CVE-2021-37788 case concerns Gurock TestRail web UI version 5.3.0.3603. The root cause is insufficient input validation of iFrame data in HTTP requests, enabling an unauthenticated, remote attacker to perform a clickjacking attack and potentially affect device integrity. Connected sources (PT...

5.4 CVSS | 5.5 AI score | 0.01525 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/08/09 12:32 p.m. | 28 views

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

5.8 AI score | 0.01525 EPSS
Exploits: 1 | References: 1

CNNVD
added 2021/08/09 12:00 a.m. | 7 views

Gurock Software Gurock TestRail Security Vulnerability

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A security vulnerability exists in Gurock TestRail...

5.4 CVSS | 5.9 AI score | 0.01525 EPSS
Exploits: 1 | References: 2

Hacker One
added 2019/12/19 4:23 p.m. | 47 views

Dropbox: Leaking API_KEY of testrail of HelloSign gives read/write access

The APIKEY and testrail config details were leaked on Github, which attackers could use to access testrail accounts of HelloSign and perform read/write actions. Impact: Access to testrail account of HelloSign...

3.8 AI score
Exploits: 0

Prion
added 2019/02/25 11:29 p.m. | 17 views

Unrestricted file upload

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

6.5 CVSS | 8.6 AI score | 0.02717 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/02/25 11:29 p.m. | 20 views

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

8.8 CVSS | 8.7 AI score | 0.02717 EPSS
Exploits: 0 | References: 1

OSV
added 2019/02/25 11:29 p.m. | 4 views

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

8.8 CVSS | 6.1 AI score | 0.02717 EPSS
Exploits: 0 | References: 1

CVE
added 2019/02/25 11:00 p.m. | 54 views

CVE-2018-20063

CVE-2018-20063 affects Gurock TestRail 5.6.0.3853. The issue is an Unrestricted Upload of File vulnerability in the image-upload form (in the description editor) that allows remote authenticated users to execute arbitrary code by uploading an image with an executable extension but a safe Content-...

8.8 CVSS | 8.6 AI score | 0.02717 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/02/25 11:00 p.m. | 20 views

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

8.7 AI score | 0.02717 EPSS
Exploits: 0 | References: 1

Prion
added 2019/02/07 4:29 p.m. | 15 views

Path traversal

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...

5 CVSS | 5.3 AI score | 0.01103 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2019/02/07 4:29 p.m. | 17 views

CVE-2019-7535

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...

5.3 CVSS | 5.8 AI score | 0.01103 EPSS
Exploits: 0 | References: 1

NVD
added 2019/02/07 4:29 p.m. | 18 views

CVE-2019-7535

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...

5.3 CVSS | 5.3 AI score | 0.01103 EPSS
Exploits: 0 | References: 1

CVE
added 2019/02/07 3:00 p.m. | 46 views

CVE-2019-7535

CVE-2019-7535 affects Gurock TestRail, specifically the index.php endpoint in version 5.3.0.3603. The issue leaks potentially sensitive information when handling an invalid request, demonstrated by full path disclosure and confirmation that PHP is used as the backend technology. The available doc...

5.3 CVSS | 5.2 AI score | 0.01103 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/02/07 3:00 p.m. | 17 views

CVE-2019-7535

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...

5.3 AI score | 0.01103 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/08/08 12:00 a.m. | 3 views

CloudBees Jenkins Agiletestware Pangolin Connector for TestRail Plugin Data Modification Vulnerability

CloudBees Jenkins is a Java-based continuous integration tool from CloudBees, Inc. in the U.S. It is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Agiletestware Pangolin Connector for TestRail Plugin is a plugin for uploadi...

6.5 CVSS | 6.4 AI score | 0.01019 EPSS
Exploits: 0 | References: 1

NVD
added 2018/08/01 1:29 p.m. | 25 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5 CVSS | 6.4 AI score | 0.01019 EPSS
Exploits: 0 | References: 1

OSV
added 2018/08/01 1:29 p.m. | 30 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5 CVSS | 6.6 AI score
Exploits: 0 | References: 1

Prion
added 2018/08/01 1:29 p.m. | 15 views

Design/Logic Flaw

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

4 CVSS | 6.3 AI score | 0.01019 EPSS
Exploits: 0 | References: 1 | Affected Software: 1